Edit tour

Windows Analysis Report
random.exe

Overview

General Information

Sample name:	random.exe
Analysis ID:	1582369
MD5:	27998d2440b5a856eca1795eabb8fa23
SHA1:	62d063990224278662ebd3e54742c09c0ed74751
SHA256:	bb98ac0c1ef756eee54726001008f52b498dd3c8575e190083674f52f33f3d9f
Tags:	exelumarpovertystealeruser-juroots
Infos:

Detection

Poverty Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Poverty Stealer

AI detected suspicious sample

Found evasive API chain (may stop execution after checking mutex)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to query CPU information (cpuid)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Entry point lies outside standard sections

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Program does not show much activity (idle)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

random.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\random.exe" MD5: 27998D2440B5A856ECA1795EABB8FA23)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_PovertyStealer	Yara detected Poverty Stealer	Joe Security
00000000.00000003.1664938912.0000000004880000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_PovertyStealer	Yara detected Poverty Stealer	Joe Security
Process Memory Space: random.exe PID: 7428	JoeSecurity_PovertyStealer	Yara detected Poverty Stealer	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE LUMAR Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-30T12:12:10.863535+0100	2048736	1	A Network Trojan was detected	192.168.2.4	49730	185.244.212.106	2227	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: random.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: random.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: random.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_007A1D21 CryptUnprotectData,

0_2_007A1D21

Source: random.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source:	Binary string: ntkrnlmp.pdbs source: random.exe, 00000000.00000002.1975311924.0000000010423000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.0000000010421000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1807029374.000000000B38A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808052116.000000000B550000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbv source: random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbw source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb source: random.exe, 00000000.00000002.1952764942.000000000FC54000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb\|& source: random.exe, 00000000.00000002.1935082319.000000000F4DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*) source: random.exe, 00000000.00000002.1807226703.000000000B3B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb}B source: random.exe, 00000000.00000002.1915975098.000000000ECEA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbt source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbw source: random.exe, 00000000.00000002.1952764942.000000000FC48000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1820182617.000000000BF31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbu source: random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbv source: random.exe, 00000000.00000002.1811755692.000000000B943000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbJ source: random.exe, 00000000.00000002.1820182617.000000000BF2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb}t source: random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbd\| source: random.exe, 00000000.00000002.1915975098.000000000ECF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbx, source: random.exe, 00000000.00000002.1952764942.000000000FC48000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1935082319.000000000F4DD000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1915975098.000000000ECF1000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1820182617.000000000BF31000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1807029374.000000000B38A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.000000001041C000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1811755692.000000000B943000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808052116.000000000B550000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbn source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbxn source: random.exe, 00000000.00000002.1836863747.000000000C679000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb}* source: random.exe, 00000000.00000002.1952764942.000000000FC54000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbmZ source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb\ source: random.exe, 00000000.00000002.1849828364.000000000CDCC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb`, source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdby\ source: random.exe, 00000000.00000002.1935082319.000000000F4E2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*/ source: random.exe, 00000000.00000002.1807226703.000000000B3B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbgP source: random.exe, 00000000.00000002.1935082319.000000000F4E2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbK source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.000000001041C000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbnh source: random.exe, 00000000.00000002.1915975098.000000000ECF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbM source: random.exe, 00000000.00000002.1820182617.000000000BF2A000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A1000 FindFirstFileW,FindNextFileW,	0_2_007A1000
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A1DC9 FindFirstFileW,FindNextFileW,	0_2_007A1DC9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A4EB2 FindFirstFileW,FindNextFileW,	0_2_007A4EB2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A4145 FindFirstFileW,FindNextFileW,	0_2_007A4145
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A3F87 FindFirstFileW,FindNextFileW,	0_2_007A3F87

Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2048736 - Severity 1 - ET MALWARE LUMAR Stealer Exfiltration M2 : 192.168.2.4:49730 -> 185.244.212.106:2227

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 185.244.212.106:2227

Source: Joe Sandbox View

IP Address: 185.244.212.106 185.244.212.106

Source: Joe Sandbox View

ASN Name: M247GB M247GB

Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106
Source: unknown	TCP traffic detected without corresponding DNS query: 185.244.212.106

Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

System Summary

PE file contains section with special chars

Source: random.exe	Static PE information: section name:
Source: random.exe	Static PE information: section name: .idata
Source: random.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DD07C	0_2_007DD07C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F507D	0_2_007F507D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D0072	0_2_007D0072
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AC09B	0_2_008AC09B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008ED094	0_2_008ED094
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007FC05A	0_2_007FC05A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008490B3	0_2_008490B3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008620BF	0_2_008620BF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AB0B6	0_2_008AB0B6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C00B3	0_2_008C00B3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B	0_2_007B803B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FD0CE	0_2_008FD0CE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008710C8	0_2_008710C8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BA02D	0_2_007BA02D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E80D8	0_2_008E80D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E9026	0_2_007E9026
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008950EA	0_2_008950EA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF	0_2_008550EF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008960E2	0_2_008960E2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080B0EE	0_2_0080B0EE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B70E4	0_2_008B70E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090D0E3	0_2_0090D0E3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008740F3	0_2_008740F3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A70FC	0_2_008A70FC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009010E8	0_2_009010E8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083D0F9	0_2_0083D0F9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FF0F0	0_2_008FF0F0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008BB01C	0_2_008BB01C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D002D	0_2_008D002D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C40DD	0_2_007C40DD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00803021	0_2_00803021
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084E02C	0_2_0084E02C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086D02D	0_2_0086D02D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00907020	0_2_00907020
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C20CD	0_2_007C20CD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A6033	0_2_008A6033
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00887032	0_2_00887032
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087F03A	0_2_0087F03A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00864039	0_2_00864039
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00812043	0_2_00812043
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081E048	0_2_0081E048
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083804A	0_2_0083804A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D70B1	0_2_007D70B1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D60A4	0_2_007D60A4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081C058	0_2_0081C058
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00889051	0_2_00889051
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DC0A6	0_2_007DC0A6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089D052	0_2_0089D052
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C90A0	0_2_007C90A0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088E057	0_2_0088E057
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00883063	0_2_00883063
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00879069	0_2_00879069
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00829070	0_2_00829070
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087E07F	0_2_0087E07F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00804079	0_2_00804079
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EA075	0_2_008EA075
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086307B	0_2_0086307B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D818D	0_2_008D818D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DB17C	0_2_007DB17C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E417B	0_2_007E417B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080F188	0_2_0080F188
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00820191	0_2_00820191
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087719F	0_2_0087719F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084D19F	0_2_0084D19F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086B19A	0_2_0086B19A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083319E	0_2_0083319E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C61AD	0_2_008C61AD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AD1A8	0_2_008AD1A8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DE155	0_2_007DE155
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008031A9	0_2_008031A9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085A1AC	0_2_0085A1AC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089B1B8	0_2_0089B1B8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D41BE	0_2_008D41BE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008461BB	0_2_008461BB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008621C5	0_2_008621C5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087D1C4	0_2_0087D1C4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008261C6	0_2_008261C6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086D1CE	0_2_0086D1CE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E61C1	0_2_008E61C1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008971D8	0_2_008971D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BC120	0_2_007BC120
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008101DA	0_2_008101DA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008291DE	0_2_008291DE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008401DA	0_2_008401DA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DB1E6	0_2_008DB1E6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EA10E	0_2_007EA10E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008871FB	0_2_008871FB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009071E4	0_2_009071E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C1107	0_2_007C1107
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D11F6	0_2_008D11F6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A01F6	0_2_008A01F6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083B103	0_2_0083B103
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A8109	0_2_008A8109
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00825106	0_2_00825106
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F9104	0_2_008F9104
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D3103	0_2_008D3103
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080E10F	0_2_0080E10F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B71E1	0_2_007B71E1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A212E	0_2_008A212E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B212C	0_2_008B212C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081A12D	0_2_0081A12D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B4124	0_2_008B4124
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085B136	0_2_0085B136
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00902123	0_2_00902123
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00848133	0_2_00848133
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090C128	0_2_0090C128
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D2134	0_2_008D2134
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084513F	0_2_0084513F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081B13C	0_2_0081B13C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CD14D	0_2_008CD14D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D614E	0_2_008D614E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0091C154	0_2_0091C154
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083C14F	0_2_0083C14F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00854162	0_2_00854162
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C6196	0_2_007C6196
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087C16D	0_2_0087C16D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082A173	0_2_0082A173
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F4172	0_2_008F4172
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007ED27E	0_2_007ED27E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00835283	0_2_00835283
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00807281	0_2_00807281
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083628B	0_2_0083628B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C8276	0_2_007C8276
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081628B	0_2_0081628B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082F28D	0_2_0082F28D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080B296	0_2_0080B296
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086A291	0_2_0086A291
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084F2A9	0_2_0084F2A9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E224E	0_2_007E224E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CB2BD	0_2_008CB2BD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CF244	0_2_007CF244
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008762BF	0_2_008762BF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C42C9	0_2_008C42C9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EC238	0_2_007EC238
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090E2D6	0_2_0090E2D6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D5235	0_2_007D5235
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090A2D8	0_2_0090A2D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CD235	0_2_007CD235
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EF2C2	0_2_008EF2C2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D22D8	0_2_008D22D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E0229	0_2_007E0229
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008442D8	0_2_008442D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009212CD	0_2_009212CD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009102F1	0_2_009102F1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008252E4	0_2_008252E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008BF2E1	0_2_008BF2E1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AE2E7	0_2_008AE2E7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088F2E6	0_2_0088F2E6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090B2EA	0_2_0090B2EA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009002EC	0_2_009002EC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BD205	0_2_007BD205
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DA208	0_2_008DA208
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00852203	0_2_00852203
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083120A	0_2_0083120A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008ED212	0_2_008ED212
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C42DC	0_2_007C42DC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00824223	0_2_00824223
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084C223	0_2_0084C223
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080A22D	0_2_0080A22D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E5238	0_2_008E5238
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F82C7	0_2_007F82C7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EB2C5	0_2_007EB2C5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F5232	0_2_008F5232
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0092622D	0_2_0092622D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00848245	0_2_00848245
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085C247	0_2_0085C247
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00805243	0_2_00805243
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088D242	0_2_0088D242
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084A248	0_2_0084A248
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083024E	0_2_0083024E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00881258	0_2_00881258
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AF253	0_2_008AF253
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083E259	0_2_0083E259
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00898252	0_2_00898252
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081D262	0_2_0081D262
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C526F	0_2_008C526F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085926F	0_2_0085926F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F0289	0_2_007F0289
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087A27F	0_2_0087A27F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084127E	0_2_0084127E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BF287	0_2_007BF287
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00827383	0_2_00827383
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0091E393	0_2_0091E393
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082D38A	0_2_0082D38A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00921382	0_2_00921382
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00850391	0_2_00850391
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E13AE	0_2_008E13AE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E73AC	0_2_008E73AC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009033B9	0_2_009033B9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009053BE	0_2_009053BE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008BE3BC	0_2_008BE3BC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BA341	0_2_007BA341
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008923C8	0_2_008923C8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E7339	0_2_007E7339
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087E3E6	0_2_0087E3E6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008133E4	0_2_008133E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008993EF	0_2_008993EF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008613EB	0_2_008613EB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A73E4	0_2_008A73E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C630D	0_2_007C630D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C43FA	0_2_008C43FA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D7306	0_2_007D7306
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B03F6	0_2_008B03F6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E6301	0_2_007E6301
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00861302	0_2_00861302
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00809306	0_2_00809306
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D5303	0_2_008D5303
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088531B	0_2_0088531B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00875311	0_2_00875311
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EC316	0_2_008EC316
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B63E1	0_2_007B63E1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084B319	0_2_0084B319
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088C315	0_2_0088C315
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085831B	0_2_0085831B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088B317	0_2_0088B317
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C732F	0_2_008C732F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C73D8	0_2_007C73D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00890321	0_2_00890321
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00868332	0_2_00868332
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E83C8	0_2_007E83C8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090632D	0_2_0090632D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089534D	0_2_0089534D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FC34B	0_2_008FC34B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082C34E	0_2_0082C34E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B63B5	0_2_007B63B5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E2359	0_2_008E2359
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D4398	0_2_007D4398
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CE366	0_2_008CE366
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087036B	0_2_0087036B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E9391	0_2_007E9391
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00843372	0_2_00843372
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DD37A	0_2_008DD37A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FA378	0_2_008FA378
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080837F	0_2_0080837F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00907495	0_2_00907495
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086948C	0_2_0086948C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00822489	0_2_00822489
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082948E	0_2_0082948E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B649B	0_2_008B649B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DE469	0_2_007DE469
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F646A	0_2_007F646A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DE498	0_2_008DE498
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00865491	0_2_00865491
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086449E	0_2_0086449E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EE465	0_2_007EE465
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C64AC	0_2_008C64AC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EC456	0_2_007EC456
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B24A5	0_2_008B24A5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084E4C4	0_2_0084E4C4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D743C	0_2_007D743C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080D4CC	0_2_0080D4CC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D74C1	0_2_008D74C1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B74C5	0_2_008B74C5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008154D0	0_2_008154D0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EA4D9	0_2_008EA4D9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D44D7	0_2_008D44D7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007ED425	0_2_007ED425
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008564D8	0_2_008564D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008BD4D4	0_2_008BD4D4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BC41B	0_2_007BC41B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E5416	0_2_007E5416
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E04FC	0_2_008E04FC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A14F9	0_2_008A14F9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008034F4	0_2_008034F4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008144F6	0_2_008144F6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DA4F6	0_2_008DA4F6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FB40E	0_2_008FB40E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00819404	0_2_00819404
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00882402	0_2_00882402
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086B40A	0_2_0086B40A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087B415	0_2_0087B415
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A0418	0_2_008A0418
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D64E8	0_2_007D64E8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083B415	0_2_0083B415
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088641E	0_2_0088641E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FE417	0_2_008FE417
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E34E7	0_2_007E34E7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00812424	0_2_00812424
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087842E	0_2_0087842E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F44D0	0_2_007F44D0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083242C	0_2_0083242C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00879435	0_2_00879435
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D04CE	0_2_007D04CE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007FD4CB	0_2_007FD4CB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AC433	0_2_008AC433
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F6436	0_2_008F6436
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A2448	0_2_008A2448
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007DD4B3	0_2_007DD4B3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00845454	0_2_00845454
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00920444	0_2_00920444
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BE4AC	0_2_007BE4AC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D14A1	0_2_007D14A1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A8455	0_2_008A8455
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E4460	0_2_008E4460
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00849473	0_2_00849473
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B9576	0_2_007B9576
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C5571	0_2_007C5571
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E3581	0_2_008E3581
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EE59D	0_2_008EE59D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BC56D	0_2_007BC56D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EA567	0_2_007EA567
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00818598	0_2_00818598
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081D59A	0_2_0081D59A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0091558C	0_2_0091558C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C155D	0_2_007C155D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083C5A6	0_2_0083C5A6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C3553	0_2_007C3553
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F75BE	0_2_008F75BE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CE548	0_2_007CE548
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E65BA	0_2_008E65BA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090A5A4	0_2_0090A5A4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008575BD	0_2_008575BD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C0538	0_2_007C0538
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081B5C8	0_2_0081B5C8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009015DB	0_2_009015DB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008BC5DB	0_2_008BC5DB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008875DE	0_2_008875DE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CF5D4	0_2_008CF5D4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D2527	0_2_007D2527
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008425DB	0_2_008425DB
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008475E6	0_2_008475E6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F3515	0_2_007F3515
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DF5E7	0_2_008DF5E7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082B5EE	0_2_0082B5EE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C950D	0_2_007C950D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E450F	0_2_007E450F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089B5FA	0_2_0089B5FA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B25F8	0_2_008B25F8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008605F1	0_2_008605F1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088C5FF	0_2_0088C5FF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C55F0	0_2_008C55F0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FC5F3	0_2_008FC5F3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008335FE	0_2_008335FE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FF50B	0_2_008FF50B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083D506	0_2_0083D506
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088A502	0_2_0088A502
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089E505	0_2_0089E505
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B451B	0_2_008B451B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CC51D	0_2_008CC51D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082A516	0_2_0082A516
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F451B	0_2_008F451B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080E518	0_2_0080E518
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080A51A	0_2_0080A51A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AA516	0_2_008AA516
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00811520	0_2_00811520
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083F522	0_2_0083F522
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087C524	0_2_0087C524
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A452F	0_2_008A452F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00802528	0_2_00802528
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00889524	0_2_00889524
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B75AF	0_2_007B75AF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EB551	0_2_008EB551
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D856D	0_2_008D856D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D6565	0_2_008D6565
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00851569	0_2_00851569
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B0565	0_2_008B0565
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00812573	0_2_00812573
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EC57A	0_2_008EC57A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080657B	0_2_0080657B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00825686	0_2_00825686
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085B68C	0_2_0085B68C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D0684	0_2_008D0684
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F7674	0_2_007F7674
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085268E	0_2_0085268E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A4681	0_2_008A4681
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EB66F	0_2_007EB66F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086D694	0_2_0086D694
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00844697	0_2_00844697
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BB66C	0_2_007BB66C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085A692	0_2_0085A692
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F265A	0_2_007F265A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008166A9	0_2_008166A9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085E6AD	0_2_0085E6AD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008306AA	0_2_008306AA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008816A4	0_2_008816A4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086E6A8	0_2_0086E6A8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087C6B3	0_2_0087C6B3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084D6BC	0_2_0084D6BC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008246B9	0_2_008246B9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008486BA	0_2_008486BA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008986B6	0_2_008986B6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008756C7	0_2_008756C7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008506C4	0_2_008506C4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080F6C5	0_2_0080F6C5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DC6CA	0_2_008DC6CA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087A6CC	0_2_0087A6CC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F86C3	0_2_008F86C3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AE637	0_2_007AE637
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F1632	0_2_007F1632
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D561D	0_2_007D561D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C36EC	0_2_008C36EC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008CB6EC	0_2_008CB6EC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008586E4	0_2_008586E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008766E4	0_2_008766E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F16E8	0_2_008F16E8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CA611	0_2_007CA611
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008136EF	0_2_008136EF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007FE60C	0_2_007FE60C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084B6F3	0_2_0084B6F3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008906F3	0_2_008906F3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F8602	0_2_007F8602
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008186FC	0_2_008186FC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008686F8	0_2_008686F8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FD606	0_2_008FD606
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084F608	0_2_0084F608
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090461F	0_2_0090461F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F361C	0_2_008F361C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008B362D	0_2_008B362D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D46D4	0_2_007D46D4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00801629	0_2_00801629
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EF627	0_2_008EF627
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080B62F	0_2_0080B62F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C46CE	0_2_007C46CE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CC6C5	0_2_007CC6C5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087063D	0_2_0087063D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080C647	0_2_0080C647
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A5640	0_2_008A5640
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007FA6A7	0_2_007FA6A7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0085365D	0_2_0085365D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0091464E	0_2_0091464E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F5669	0_2_008F5669
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00867661	0_2_00867661
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E0695	0_2_007E0695
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D6691	0_2_007D6691
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00859668	0_2_00859668
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0082666D	0_2_0082666D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0084C674	0_2_0084C674
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BA68A	0_2_007BA68A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00840677	0_2_00840677
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007CF684	0_2_007CF684
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C7682	0_2_007C7682
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00845782	0_2_00845782
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D9774	0_2_007D9774
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083F789	0_2_0083F789
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C8787	0_2_008C8787
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00823793	0_2_00823793
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00817797	0_2_00817797
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AA7A8	0_2_008AA7A8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F97AD	0_2_008F97AD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D97AE	0_2_008D97AE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087E7AD	0_2_0087E7AD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C074C	0_2_007C074C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BF748	0_2_007BF748
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C974A	0_2_007C974A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B7741	0_2_007B7741
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009247DA	0_2_009247DA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A07C0	0_2_008A07C0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007ED729	0_2_007ED729
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008227D5	0_2_008227D5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008787D0	0_2_008787D0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D77D5	0_2_008D77D5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E771C	0_2_007E771C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008437E2	0_2_008437E2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0087D7E1	0_2_0087D7E1
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FC7E2	0_2_008FC7E2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C87FD	0_2_007C87FD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008EA70A	0_2_008EA70A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F27FA	0_2_007F27FA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007C07F5	0_2_007C07F5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0083C71D	0_2_0083C71D
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086F724	0_2_0086F724
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0091F720	0_2_0091F720
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D57CE	0_2_007D57CE
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00857733	0_2_00857733
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D27C7	0_2_007D27C7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007FC7BD	0_2_007FC7BD
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089274B	0_2_0089274B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B67B0	0_2_007B67B0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E1745	0_2_008E1745
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00821754	0_2_00821754
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D5757	0_2_008D5757
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0090674F	0_2_0090674F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F079C	0_2_007F079C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0088F778	0_2_0088F778
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00810770	0_2_00810770
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D878B	0_2_007D878B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0080777A	0_2_0080777A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00885773	0_2_00885773
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E5875	0_2_007E5875
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DD89C	0_2_008DD89C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007E386C	0_2_007E386C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008AC892	0_2_008AC892
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007D0864	0_2_007D0864
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A2891	0_2_008A2891
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0086289A	0_2_0086289A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A38AA	0_2_008A38AA
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0081E8AC	0_2_0081E8AC
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008F28BF	0_2_008F28BF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008008C4	0_2_008008C4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009088D8	0_2_009088D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007BC836	0_2_007BC836
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008DA8C2	0_2_008DA8C2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008A88DF	0_2_008A88DF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008E08D6	0_2_008E08D6
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D38D4	0_2_008D38D4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008FB8D2	0_2_008FB8D2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007EC81B	0_2_007EC81B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008D78E4	0_2_008D78E4
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008C48FF	0_2_008C48FF
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0089A8FE	0_2_0089A8FE

Source: random.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: random.exe	Static PE information: Section: ZLIB complexity 1.00067138671875
Source: random.exe	Static PE information: Section: xuvnqsmj ZLIB complexity 0.994574785670545

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\random.exe

Mutant created: \Sessions\1\BaseNamedObjects\4148ce17-5f2b-4314-8b16-31b6a48899e4

Source: C:\Users\user\Desktop\random.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: random.exe

ReversingLabs: Detection: 39%

Source: random.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\random.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Section loaded: mswsock.dll	Jump to behavior

Source: random.exe

Static file information: File size 1704448 > 1048576

Source: random.exe

Static PE information: Raw size of xuvnqsmj is bigger than: 0x100000 < 0x198400

Source:	Binary string: ntkrnlmp.pdbs source: random.exe, 00000000.00000002.1975311924.0000000010423000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.0000000010421000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1807029374.000000000B38A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808052116.000000000B550000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbv source: random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbw source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb source: random.exe, 00000000.00000002.1952764942.000000000FC54000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb\|& source: random.exe, 00000000.00000002.1935082319.000000000F4DD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*) source: random.exe, 00000000.00000002.1807226703.000000000B3B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdb}B source: random.exe, 00000000.00000002.1915975098.000000000ECEA000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbt source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbw source: random.exe, 00000000.00000002.1952764942.000000000FC48000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1820182617.000000000BF31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbu source: random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbv source: random.exe, 00000000.00000002.1811755692.000000000B943000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbJ source: random.exe, 00000000.00000002.1820182617.000000000BF2A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb}t source: random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbd\| source: random.exe, 00000000.00000002.1915975098.000000000ECF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbx, source: random.exe, 00000000.00000002.1952764942.000000000FC48000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1836863747.000000000C66D000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1935082319.000000000F4DD000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1915975098.000000000ECF1000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1820182617.000000000BF31000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1807029374.000000000B38A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.000000001041C000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1811755692.000000000B943000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808052116.000000000B550000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1849090410.000000000CDA6000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbn source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbxn source: random.exe, 00000000.00000002.1836863747.000000000C679000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb}* source: random.exe, 00000000.00000002.1952764942.000000000FC54000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbmZ source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb\ source: random.exe, 00000000.00000002.1849828364.000000000CDCC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb`, source: random.exe, 00000000.00000002.1897529712.000000000E55A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdby\ source: random.exe, 00000000.00000002.1935082319.000000000F4E2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*/ source: random.exe, 00000000.00000002.1807226703.000000000B3B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbgP source: random.exe, 00000000.00000002.1935082319.000000000F4E2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbK source: random.exe, 00000000.00000002.1880797566.000000000DD29000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1975311924.000000001041C000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1868426653.000000000D5B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbnh source: random.exe, 00000000.00000002.1915975098.000000000ECF6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdbM source: random.exe, 00000000.00000002.1820182617.000000000BF2A000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\random.exe

Unpacked PE file: 0.2.random.exe.7a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xuvnqsmj:EW;dkjxiybl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xuvnqsmj:EW;dkjxiybl:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random.exe

Static PE information: real checksum: 0x1a3eec should be: 0x1a1b22

Source: random.exe	Static PE information: section name:
Source: random.exe	Static PE information: section name: .idata
Source: random.exe	Static PE information: section name:
Source: random.exe	Static PE information: section name: xuvnqsmj
Source: random.exe	Static PE information: section name: dkjxiybl
Source: random.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AF7B9 push 0317EE4Dh; mov dword ptr [esp], eax	0_2_007AFB3F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AF7B9 push 381AB607h; mov dword ptr [esp], esp	0_2_007B02E8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AEFA4 push ecx; mov dword ptr [esp], edi	0_2_007B02D8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007F507D push 0D83F6CCh; mov dword ptr [esp], edi	0_2_007F5189
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AF05F push eax; mov dword ptr [esp], 0D738A2Ch	0_2_007B0033
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push edi; mov dword ptr [esp], ebp	0_2_007B8494
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push edi; mov dword ptr [esp], 0B5E419Eh	0_2_007B853E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push edx; mov dword ptr [esp], 4FDFA207h	0_2_007B854F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push esi; mov dword ptr [esp], eax	0_2_007B85F7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push ecx; mov dword ptr [esp], edi	0_2_007B861F
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B803B push 7E7DC046h; mov dword ptr [esp], ecx	0_2_007B8688
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push ebp; mov dword ptr [esp], 7CF3AB3Eh	0_2_008555D5
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push esi; mov dword ptr [esp], 7E51FD92h	0_2_00855630
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push 163D4A52h; mov dword ptr [esp], eax	0_2_0085565E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push 4CF38DB2h; mov dword ptr [esp], eax	0_2_00855698
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push 6E9585C1h; mov dword ptr [esp], edx	0_2_00855760
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push eax; mov dword ptr [esp], 5EFF6E5Fh	0_2_00855765
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push edx; mov dword ptr [esp], 14554500h	0_2_00855792
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push 4F1467B9h; mov dword ptr [esp], esi	0_2_008557B3
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_008550EF push eax; mov dword ptr [esp], 77D7AB70h	0_2_008557B7
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009EE0ED push 50936820h; mov dword ptr [esp], eax	0_2_009EE134
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B100C push ecx; mov dword ptr [esp], 66606840h	0_2_007B101B
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B100C push eax; mov dword ptr [esp], 383B8545h	0_2_007B3245
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B1000 push 50E4F04Fh; mov dword ptr [esp], ecx	0_2_007B331A
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009D7002 push esi; mov dword ptr [esp], edx	0_2_009D704E
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_009D7002 push 347580C5h; mov dword ptr [esp], ecx	0_2_009D70B8
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B10DF push 76574AF1h; mov dword ptr [esp], eax	0_2_007B398C
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007B20DC push ecx; mov dword ptr [esp], esp	0_2_007B20E0
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007AF0B0 push eax; mov dword ptr [esp], esi	0_2_007AFF61
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_0098F04B push 347ED214h; mov dword ptr [esp], ebp	0_2_0098F071
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_00A2B07B push 6F072F74h; mov dword ptr [esp], eax	0_2_00A2B09F

Source: random.exe	Static PE information: section name: entropy: 7.972643769197814
Source: random.exe	Static PE information: section name: xuvnqsmj entropy: 7.953228779013761

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\random.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\random.exe

Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess

graph_0-13866

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\random.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92A42C second address: 92A432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92A432 second address: 92A436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92A436 second address: 92A450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FF008FD8866h 0x0000000d jbe 00007FF008FD8866h 0x00000013 jno 00007FF008FD8866h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92A749 second address: 92A74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92AA1D second address: 92AA35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8874h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92EB49 second address: 7AE71F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 7E309EDAh 0x0000000c jmp 00007FF008B8948Bh 0x00000011 push dword ptr [ebp+13B9000Dh] 0x00000017 mov edx, dword ptr [ebp+13B93344h] 0x0000001d call dword ptr [ebp+13B91D21h] 0x00000023 pushad 0x00000024 jmp 00007FF008B89499h 0x00000029 xor eax, eax 0x0000002b or dword ptr [ebp+13B91B11h], eax 0x00000031 jnl 00007FF008B89494h 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b jmp 00007FF008B8948Ch 0x00000040 mov dword ptr [ebp+13B93370h], eax 0x00000046 pushad 0x00000047 push esi 0x00000048 mov bx, di 0x0000004b pop ecx 0x0000004c add bx, 0ECDh 0x00000051 popad 0x00000052 sub dword ptr [ebp+13B91B11h], ecx 0x00000058 mov esi, 0000003Ch 0x0000005d pushad 0x0000005e xor dword ptr [ebp+13B91B11h], edi 0x00000064 mov edi, dword ptr [ebp+13B93544h] 0x0000006a popad 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f jmp 00007FF008B89498h 0x00000074 lodsw 0x00000076 cld 0x00000077 jmp 00007FF008B89491h 0x0000007c add eax, dword ptr [esp+24h] 0x00000080 jg 00007FF008B89487h 0x00000086 mov ebx, dword ptr [esp+24h] 0x0000008a pushad 0x0000008b movzx edi, di 0x0000008e mov cl, al 0x00000090 popad 0x00000091 jno 00007FF008B8949Eh 0x00000097 push eax 0x00000098 pushad 0x00000099 push eax 0x0000009a push edx 0x0000009b jns 00007FF008B89486h 0x000000a1 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92EBD2 second address: 92EBD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92EBD8 second address: 92EBDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92ED07 second address: 92ED17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF008FD886Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92EE5D second address: 92EEB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007FF008B89493h 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jnc 00007FF008B894B0h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c push edx 0x0000001d pop edx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92EEB4 second address: 92EF11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jnc 00007FF008FD8870h 0x00000013 pop eax 0x00000014 mov si, E5C5h 0x00000018 lea ebx, dword ptr [ebp+13D13A7Eh] 0x0000001e jmp 00007FF008FD8870h 0x00000023 xchg eax, ebx 0x00000024 jl 00007FF008FD886Ah 0x0000002a push edi 0x0000002b pushad 0x0000002c popad 0x0000002d pop edi 0x0000002e push eax 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92F049 second address: 92F04E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92F04E second address: 92F055 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92F055 second address: 92F0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FF008B89494h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 ja 00007FF008B89492h 0x00000017 mov eax, dword ptr [eax] 0x00000019 jmp 00007FF008B89494h 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 jnp 00007FF008B89494h 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 92F0AA second address: 92F0B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94FA32 second address: 94FA41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF008B8948Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91A0A6 second address: 91A0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91A0AC second address: 91A0B6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94D9AB second address: 94D9BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD886Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94D9BC second address: 94D9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94D9C0 second address: 94D9D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF008FD886Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94D9D4 second address: 94D9DE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF008B89486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94DCCE second address: 94DCEE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FF008FD8876h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94DCEE second address: 94DCFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF008B89486h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94DCFA second address: 94DCFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94DE73 second address: 94DE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF008B89486h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94DE7D second address: 94DE83 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E23E second address: 94E246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E246 second address: 94E257 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF008FD8866h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E392 second address: 94E39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF008B89486h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E4FD second address: 94E52D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007FF008FD8866h 0x0000000b jne 00007FF008FD8866h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF008FD8876h 0x00000019 jno 00007FF008FD8866h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E52D second address: 94E537 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF008B89486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E537 second address: 94E544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E544 second address: 94E561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF008B89486h 0x0000000a jmp 00007FF008B8948Ch 0x0000000f js 00007FF008B89486h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E6B5 second address: 94E6B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E6B9 second address: 94E6C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF008B89486h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94E6C5 second address: 94E6CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 924296 second address: 9242E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Ch 0x00000007 push edi 0x00000008 jnc 00007FF008B89486h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 jp 00007FF008B8949Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF008B89498h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9242E6 second address: 9242EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94EB04 second address: 94EB08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F146 second address: 94F14C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F14C second address: 94F155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F155 second address: 94F159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F2B6 second address: 94F2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F597 second address: 94F59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F59D second address: 94F5C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Fh 0x00000007 jne 00007FF008B89486h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF008B8948Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5C9 second address: 94F5CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5CD second address: 94F5D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5D1 second address: 94F5D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5D9 second address: 94F5EA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FF008B89486h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5EA second address: 94F5F8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94F5F8 second address: 94F602 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF008B89486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 951EBE second address: 951EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 951EC2 second address: 951ED4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FF008B89486h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 951ED4 second address: 951EDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 952FDC second address: 952FF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF008B8948Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A292 second address: 95A298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A298 second address: 95A29C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A29C second address: 95A2B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF008FD8870h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 959A31 second address: 959A5E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF008B89486h 0x00000008 jbe 00007FF008B89486h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ecx 0x00000016 jmp 00007FF008B89497h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A122 second address: 95A128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A128 second address: 95A12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95A12E second address: 95A136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D5BA second address: 95D5BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D5BE second address: 95D5E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF008FD886Ah 0x0000000e pop edx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push edi 0x00000014 pushad 0x00000015 jo 00007FF008FD8866h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D5E0 second address: 95D608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007FF008B89492h 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jg 00007FF008B89498h 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D608 second address: 95D60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D60C second address: 95D610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D610 second address: 95D638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov esi, dword ptr [ebp+13B93464h] 0x0000000d call 00007FF008FD8869h 0x00000012 jmp 00007FF008FD886Ch 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D638 second address: 95D63F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D63F second address: 95D645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D645 second address: 95D663 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jg 00007FF008B89492h 0x00000016 jns 00007FF008B8948Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D663 second address: 95D66E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [eax] 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D66E second address: 95D68D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89498h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D7DC second address: 95D7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D7E1 second address: 95D7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D7E7 second address: 95D7EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D9EE second address: 95DA06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E227 second address: 95E231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FF008FD8866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E231 second address: 95E240 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E240 second address: 95E24A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E618 second address: 95E61E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E61E second address: 95E622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E622 second address: 95E644 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF008B89497h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E732 second address: 95E74B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FF008FD8874h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E80D second address: 95E81F instructions: 0x00000000 rdtsc 0x00000002 js 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FF008B89486h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E81F second address: 95E823 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E8C6 second address: 95E8DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jg 00007FF008B89486h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E8DC second address: 95E8EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FF008FD8866h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E989 second address: 95E98E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95E98E second address: 95E9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF008FD8866h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov si, dx 0x00000013 push eax 0x00000014 push esi 0x00000015 pushad 0x00000016 jmp 00007FF008FD8873h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95EF1C second address: 95EF26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF008B89486h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95EF26 second address: 95EF74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8876h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push esi 0x0000000d and edi, 671C1B21h 0x00000013 pop edi 0x00000014 push 00000000h 0x00000016 or dword ptr [ebp+13B92530h], ebx 0x0000001c xor edi, dword ptr [ebp+13B9268Fh] 0x00000022 push 00000000h 0x00000024 add si, DB31h 0x00000029 push eax 0x0000002a pushad 0x0000002b jmp 00007FF008FD886Eh 0x00000030 push eax 0x00000031 push edx 0x00000032 push edi 0x00000033 pop edi 0x00000034 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95FA00 second address: 95FA0A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95FA0A second address: 95FA10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95FA10 second address: 95FA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 960954 second address: 960996 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FF008FD8868h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov esi, dword ptr [ebp+13B9534Dh] 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+13D2E4AAh], edi 0x00000038 xchg eax, ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b push ebx 0x0000003c pushad 0x0000003d popad 0x0000003e pop ebx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 960996 second address: 96099B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96099B second address: 9609AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c je 00007FF008FD8866h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9614D9 second address: 9614DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9611B1 second address: 9611BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9614DF second address: 9614E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9611BA second address: 9611CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF008FD886Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9614E4 second address: 9614EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9611CE second address: 9611D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9614EA second address: 9614EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 961FE3 second address: 961FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 962A65 second address: 962A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008B89497h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9627FD second address: 962802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 962802 second address: 962808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 963FE9 second address: 96404C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF008FD886Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FF008FD8868h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 and esi, dword ptr [ebp+13B95359h] 0x0000002b push 00000000h 0x0000002d mov esi, dword ptr [ebp+13B9340Ch] 0x00000033 push 00000000h 0x00000035 jmp 00007FF008FD8877h 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c pushad 0x0000003d push eax 0x0000003e pop eax 0x0000003f pushad 0x00000040 popad 0x00000041 popad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96404C second address: 964077 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF008B89495h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 964077 second address: 96407B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96407B second address: 964081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 962808 second address: 96280C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9659F7 second address: 9659FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96333B second address: 96333F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 966AC3 second address: 966B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 jmp 00007FF008B8948Eh 0x0000000d pop esi 0x0000000e nop 0x0000000f mov dword ptr [ebp+13B9262Eh], edx 0x00000015 or edi, 5D537802h 0x0000001b push 00000000h 0x0000001d ja 00007FF008B89487h 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push edi 0x00000028 call 00007FF008B89488h 0x0000002d pop edi 0x0000002e mov dword ptr [esp+04h], edi 0x00000032 add dword ptr [esp+04h], 00000017h 0x0000003a inc edi 0x0000003b push edi 0x0000003c ret 0x0000003d pop edi 0x0000003e ret 0x0000003f pushad 0x00000040 jmp 00007FF008B8948Ch 0x00000045 popad 0x00000046 push eax 0x00000047 je 00007FF008B89494h 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96333F second address: 963345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 966B29 second address: 966B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 963345 second address: 963368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF008FD8875h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96A9AC second address: 96A9BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008B8948Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96A9BF second address: 96A9C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96A9C3 second address: 96AA23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007FF008B8948Ah 0x0000000f nop 0x00000010 push eax 0x00000011 mov edi, dword ptr [ebp+13B93294h] 0x00000017 pop ebx 0x00000018 push 00000000h 0x0000001a mov di, 1AE6h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007FF008B89488h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a mov dword ptr [ebp+13B91BECh], edx 0x00000040 xchg eax, esi 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FF008B89492h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96B9BC second address: 96B9C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96B9C2 second address: 96B9C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96B9C8 second address: 96BA54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007FF008FD8868h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 clc 0x00000027 add ebx, dword ptr [ebp+13B93544h] 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FF008FD8868h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Ch 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 movsx ebx, di 0x0000004c push 00000000h 0x0000004e jmp 00007FF008FD8874h 0x00000053 xchg eax, esi 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 jbe 00007FF008FD8866h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BA54 second address: 96BA62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BA62 second address: 96BA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BA68 second address: 96BA6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BA6C second address: 96BA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BA7A second address: 96BA7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 967C25 second address: 967CDC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FF008FD886Eh 0x0000000c nop 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007FF008FD8868h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e mov dword ptr [ebp+13D100EBh], eax 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b mov bx, D56Ch 0x0000003f mov eax, dword ptr [ebp+13B90AA9h] 0x00000045 push 00000000h 0x00000047 push esi 0x00000048 call 00007FF008FD8868h 0x0000004d pop esi 0x0000004e mov dword ptr [esp+04h], esi 0x00000052 add dword ptr [esp+04h], 0000001Ah 0x0000005a inc esi 0x0000005b push esi 0x0000005c ret 0x0000005d pop esi 0x0000005e ret 0x0000005f mov bl, ah 0x00000061 push FFFFFFFFh 0x00000063 push ebx 0x00000064 jmp 00007FF008FD886Fh 0x00000069 pop edi 0x0000006a nop 0x0000006b jnc 00007FF008FD887Eh 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 push edx 0x00000075 je 00007FF008FD8866h 0x0000007b pop edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96D942 second address: 96D948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96D948 second address: 96D9B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FF008FD8868h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 clc 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b call 00007FF008FD8868h 0x00000030 pop ecx 0x00000031 mov dword ptr [esp+04h], ecx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc ecx 0x0000003e push ecx 0x0000003f ret 0x00000040 pop ecx 0x00000041 ret 0x00000042 add ebx, dword ptr [ebp+13B93348h] 0x00000048 push 00000000h 0x0000004a and edi, 4E94FDD2h 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jg 00007FF008FD8866h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96D9B9 second address: 96D9CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 969CFA second address: 969D04 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96AB3F second address: 96AB43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96AB43 second address: 96ABE9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e xor edi, dword ptr [ebp+13B932D0h] 0x00000014 mov ebx, dword ptr [ebp+13B93460h] 0x0000001a push dword ptr fs:[00000000h] 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 jmp 00007FF008FD8870h 0x0000002d add dword ptr [ebp+13D1DBA1h], edx 0x00000033 mov eax, dword ptr [ebp+13B9097Dh] 0x00000039 push 00000000h 0x0000003b push eax 0x0000003c call 00007FF008FD8868h 0x00000041 pop eax 0x00000042 mov dword ptr [esp+04h], eax 0x00000046 add dword ptr [esp+04h], 00000019h 0x0000004e inc eax 0x0000004f push eax 0x00000050 ret 0x00000051 pop eax 0x00000052 ret 0x00000053 mov bx, 4F36h 0x00000057 movzx ebx, di 0x0000005a push FFFFFFFFh 0x0000005c push 00000000h 0x0000005e push edi 0x0000005f call 00007FF008FD8868h 0x00000064 pop edi 0x00000065 mov dword ptr [esp+04h], edi 0x00000069 add dword ptr [esp+04h], 0000001Ch 0x00000071 inc edi 0x00000072 push edi 0x00000073 ret 0x00000074 pop edi 0x00000075 ret 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007FF008FD886Fh 0x00000080 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96ABE9 second address: 96ABED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96ABED second address: 96ABF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96ABF3 second address: 96AC17 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF008B89499h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9729A7 second address: 9729AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9729AC second address: 9729B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9729B2 second address: 972A3E instructions: 0x00000000 rdtsc 0x00000002 js 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f clc 0x00000010 push 00000000h 0x00000012 add edi, 26C9EE8Bh 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FF008FD8868h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 call 00007FF008FD8877h 0x00000039 jmp 00007FF008FD8878h 0x0000003e pop ebx 0x0000003f mov ebx, 14866FA9h 0x00000044 xchg eax, esi 0x00000045 jmp 00007FF008FD8871h 0x0000004a push eax 0x0000004b push ecx 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96BC63 second address: 96BC69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96FCE9 second address: 96FCED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 972C3F second address: 972C43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 972C43 second address: 972C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 972C51 second address: 972C57 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 973AC5 second address: 973AE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FF008FD8868h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF008FD8870h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 973BCD second address: 973BD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 974C14 second address: 974C30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8878h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 977CBA second address: 977CC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91F249 second address: 91F253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 97C758 second address: 97C75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 97C75E second address: 97C763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 97C763 second address: 97C769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 984297 second address: 98429C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 989034 second address: 989038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 989038 second address: 989087 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FF008FD8875h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jo 00007FF008FD8885h 0x00000013 jg 00007FF008FD8866h 0x00000019 jmp 00007FF008FD8879h 0x0000001e push ebx 0x0000001f jl 00007FF008FD8866h 0x00000025 push edx 0x00000026 pop edx 0x00000027 pop ebx 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 988764 second address: 98876A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 988A16 second address: 988A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 988A1A second address: 988A40 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF008B89486h 0x00000008 jns 00007FF008B89486h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FF008B89496h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 988E87 second address: 988E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8872h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 988E9E second address: 988EB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF008B8948Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jc 00007FF008B89486h 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F3E7 second address: 98F3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F3EB second address: 98F3EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F3EF second address: 98F401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FF008FD886Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F401 second address: 98F40B instructions: 0x00000000 rdtsc 0x00000002 je 00007FF008B8948Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 911B18 second address: 911B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E1C3 second address: 98E1C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E1C9 second address: 98E1CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E1CF second address: 98E1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E1D9 second address: 98E201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8877h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FF008FD8866h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E201 second address: 98E218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF008B8948Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98E3AA second address: 98E3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FF008FD8866h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 962823 second address: 962827 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F0D4 second address: 98F0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 98F0D8 second address: 98F0E2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008B89486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9228B4 second address: 9228BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF008FD8866h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91BBD2 second address: 91BBD9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91BBD9 second address: 91BBF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF008FD8871h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91BBF1 second address: 91BC11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF008B89494h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91BC11 second address: 91BC19 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 91BC19 second address: 91BC2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FF008B89486h 0x00000009 jbe 00007FF008B89486h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999BE8 second address: 999BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999BF3 second address: 999BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999BF9 second address: 999BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999BFD second address: 999C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008B89491h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999C18 second address: 999C32 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FF008FD8866h 0x00000014 jne 00007FF008FD8866h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999C32 second address: 999C40 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999C40 second address: 999C44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 999F16 second address: 999F1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99A1E3 second address: 99A1FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FF008FD8872h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99A5E5 second address: 99A640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF008B89486h 0x0000000a jmp 00007FF008B8948Ch 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007FF008B89498h 0x00000018 jmp 00007FF008B89499h 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 jc 00007FF008B89488h 0x00000026 pushad 0x00000027 popad 0x00000028 push edi 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99A640 second address: 99A654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007FF008FD8868h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push ecx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99A797 second address: 99A79F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99A79F second address: 99A7F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FF008FD8879h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b jmp 00007FF008FD886Bh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007FF008FD8884h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 94663B second address: 946683 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007FF008B89497h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FF008B89492h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d jg 00007FF008B89488h 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 946683 second address: 946690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ACE0 second address: 99ACE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ACE4 second address: 99ACE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ACE8 second address: 99ACEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ACEE second address: 99ACF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ACF4 second address: 99AD3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Ah 0x00000007 jmp 00007FF008B89496h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnp 00007FF008B894BDh 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 jmp 00007FF008B89499h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99AD3B second address: 99AD4F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF008FD8866h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FF008FD886Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95BF1E second address: 95BF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C53E second address: 95C542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C542 second address: 95C577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jne 00007FF008B8948Eh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FF008B8948Bh 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF008B8948Ch 0x00000020 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C577 second address: 95C57C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C65C second address: 95C662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C703 second address: 95C70D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C70D second address: 95C711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C711 second address: 95C715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C7FA second address: 95C800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C800 second address: 95C804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95C804 second address: 95C82A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF008B89494h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CA80 second address: 95CA85 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CE03 second address: 95CE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CE09 second address: 95CE0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CE0D second address: 95CE1F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF008B89486h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CE1F second address: 95CE24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CE24 second address: 95CE64 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007FF008B89488h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov dx, di 0x00000026 push 0000001Eh 0x00000028 mov cl, 84h 0x0000002a mov edi, dword ptr [ebp+13B934C4h] 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push ecx 0x00000034 push eax 0x00000035 pop eax 0x00000036 pop ecx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CFFA second address: 95CFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CFFE second address: 95D004 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95D221 second address: 94663B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edx, edi 0x0000000e lea eax, dword ptr [ebp+13D40D1Eh] 0x00000014 jnp 00007FF008FD8869h 0x0000001a nop 0x0000001b jmp 00007FF008FD8872h 0x00000020 push eax 0x00000021 jno 00007FF008FD8874h 0x00000027 nop 0x00000028 jp 00007FF008FD8872h 0x0000002e jg 00007FF008FD886Ch 0x00000034 jnc 00007FF008FD886Ch 0x0000003a call dword ptr [ebp+13B9315Ch] 0x00000040 js 00007FF008FD8891h 0x00000046 push eax 0x00000047 push edx 0x00000048 jno 00007FF008FD8866h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EB66 second address: 99EB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 jnp 00007FF008B89486h 0x0000000d jmp 00007FF008B89495h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ECE0 second address: 99ECE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99ECE4 second address: 99ED0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jbe 00007FF008B89486h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF008B89493h 0x00000013 jo 00007FF008B89486h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EE70 second address: 99EE75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EE75 second address: 99EE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EE7D second address: 99EEB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8878h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF008FD8873h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EEB2 second address: 99EEDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Fh 0x00000007 jne 00007FF008B89486h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF008B8948Eh 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 99EEDD second address: 99EF01 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007FF008FD8871h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9A6884 second address: 9A688B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9A69E1 second address: 9A69F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD886Eh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9A90FA second address: 9A9104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9AD88D second address: 9AD8A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD886Dh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9AD8A0 second address: 9AD8B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FF008B894A0h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9AD8B4 second address: 9AD8BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9AD8BA second address: 9AD8BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B0C6C second address: 9B0C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD8872h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B0C82 second address: 9B0CA0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008B89486h 0x00000008 jnc 00007FF008B89486h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007FF008B89486h 0x00000018 je 00007FF008B89486h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B0661 second address: 9B0690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007FF008FD8876h 0x0000000f jmp 00007FF008FD886Ah 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B0690 second address: 9B0696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B0978 second address: 9B097C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B097C second address: 9B099A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF008B89492h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B4F6F second address: 9B4F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B4F73 second address: 9B4F88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b jg 00007FF008B89486h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B4F88 second address: 9B4F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B50EB second address: 9B50F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF008B89486h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B526F second address: 9B5274 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B552D second address: 9B5547 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B5547 second address: 9B554B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 95CD2D second address: 95CD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B585C second address: 9B5860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B5860 second address: 9B5864 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9B6493 second address: 9B6497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BBF8F second address: 9BBFB2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 je 00007FF008B89486h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FF008B89493h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BBFB2 second address: 9BBFB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BC0EA second address: 9BC109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FF008B89486h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF008B8948Bh 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BC109 second address: 9BC10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BC10F second address: 9BC113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BC113 second address: 9BC117 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BC3F0 second address: 9BC43C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF008B89490h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FF008B8949Bh 0x00000011 jp 00007FF008B89486h 0x00000017 jmp 00007FF008B8948Fh 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FF008B89499h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9BD59B second address: 9BD5A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C3426 second address: 9C342A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C7278 second address: 9C727C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C63AB second address: 9C63AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C63AF second address: 9C63D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF008FD8872h 0x0000000e jmp 00007FF008FD886Bh 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C63D6 second address: 9C63E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jg 00007FF008B89486h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6529 second address: 9C652D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C652D second address: 9C654A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF008B89486h 0x00000008 jmp 00007FF008B8948Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C654A second address: 9C654E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C654E second address: 9C6552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6552 second address: 9C6558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6558 second address: 9C655F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C655F second address: 9C656C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FF008FD8866h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C68C3 second address: 9C68C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C68C7 second address: 9C68CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6E44 second address: 9C6E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6E4A second address: 9C6E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9C6E55 second address: 9C6E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CD4F1 second address: 9CD559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8879h 0x00000009 pop edi 0x0000000a jmp 00007FF008FD8877h 0x0000000f pushad 0x00000010 jbe 00007FF008FD8866h 0x00000016 pushad 0x00000017 popad 0x00000018 push edx 0x00000019 pop edx 0x0000001a popad 0x0000001b jnc 00007FF008FD8882h 0x00000021 popad 0x00000022 pushad 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CD559 second address: 9CD584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FF008B89492h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jnp 00007FF008B89486h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007FF008B89486h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CD6E5 second address: 9CD6EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CD9CD second address: 9CD9DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007FF008B89486h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CDDA0 second address: 9CDDA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CDDA6 second address: 9CDDAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CDDAC second address: 9CDDC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8872h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CDDC2 second address: 9CDDCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CE672 second address: 9CE678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CE678 second address: 9CE696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF008B89499h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CE696 second address: 9CE6C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8875h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007FF008FD8884h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jo 00007FF008FD8866h 0x00000018 push eax 0x00000019 pop eax 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CE6C5 second address: 9CE6C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CE6C9 second address: 9CE6CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CCCC6 second address: 9CCCCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CCCCC second address: 9CCCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9CCCD5 second address: 9CCCDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D79AB second address: 9D79B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D79B0 second address: 9D79D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008B8948Dh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF008B89494h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D79D8 second address: 9D79DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D73E9 second address: 9D7403 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF008B89491h 0x00000008 jmp 00007FF008B8948Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D7403 second address: 9D740D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF008FD8866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D740D second address: 9D7411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D76B2 second address: 9D76B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9D76B8 second address: 9D76C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9E1C19 second address: 9E1C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9E1C1F second address: 9E1C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnc 00007FF008B8948Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9E1C2C second address: 9E1C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9E1C30 second address: 9E1C35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 925D80 second address: 925D86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9EA615 second address: 9EA61B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9EA61B second address: 9EA625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF008FD8866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9EEE91 second address: 9EEE99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9EEE99 second address: 9EEEB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FF008FD8866h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9EEEB4 second address: 9EEEB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A01258 second address: A0125C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9FFEFD second address: 9FFF05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9FFF05 second address: 9FFF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9FFF09 second address: 9FFF2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007FF008B89486h 0x00000010 js 00007FF008B89486h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 9FFF2E second address: 9FFF41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jne 00007FF008FD8866h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0009F second address: A000AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A000AC second address: A000C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008FD8873h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A005DC second address: A00611 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89494h 0x00000007 jno 00007FF008B89486h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 pushad 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 jmp 00007FF008B8948Eh 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A00F7F second address: A00F85 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A00F85 second address: A00F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A03A5F second address: A03A69 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF008FD886Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0ACD3 second address: A0ACDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0ACDA second address: A0AD08 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FF008FD886Dh 0x00000011 pop esi 0x00000012 pushad 0x00000013 jmp 00007FF008FD8871h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0C479 second address: A0C483 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF008B89486h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0C483 second address: A0C4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FF008FD8877h 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A0C324 second address: A0C32E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF008B89486h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A11EC0 second address: A11EC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A11EC9 second address: A11ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF008B8948Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A11ED8 second address: A11EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A11EDC second address: A11EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A149DF second address: A149E5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A215C5 second address: A21601 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF008B89495h 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007FF008B89486h 0x00000015 jmp 00007FF008B89497h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A2324D second address: A23257 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF008FD8866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A23257 second address: A2326B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF008B89486h 0x0000000a jmp 00007FF008B8948Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A2326B second address: A2327C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007FF008FD8866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A2B5B9 second address: A2B5BF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A2FA97 second address: A2FA9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A2FDD6 second address: A2FE08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FF008B89498h 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A300EC second address: A300F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: A315BB second address: A315D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89493h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10D51 second address: 4A10D63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD886Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10CAC second address: 4A10CB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20185 second address: 4A201E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF008FD886Fh 0x00000009 adc si, 6E9Eh 0x0000000e jmp 00007FF008FD8879h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b call 00007FF008FD886Fh 0x00000020 pop ecx 0x00000021 jmp 00007FF008FD8879h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A201E8 second address: 4A20274 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF008B89497h 0x00000009 or ch, FFFFFFBEh 0x0000000c jmp 00007FF008B89499h 0x00000011 popfd 0x00000012 jmp 00007FF008B89490h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esp], ebp 0x0000001d pushad 0x0000001e mov al, F5h 0x00000020 pushfd 0x00000021 jmp 00007FF008B89493h 0x00000026 add ax, 097Eh 0x0000002b jmp 00007FF008B89499h 0x00000030 popfd 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 mov ch, 9Eh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20274 second address: 4A2029B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF008FD8870h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10EF6 second address: 4A10F2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89491h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF008B89491h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cx, bx 0x00000016 mov edx, 0C0B076Ah 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10F2A second address: 4A10F6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF008FD886Eh 0x00000008 pop esi 0x00000009 movsx edx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 mov edx, eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007FF008FD8872h 0x0000001c and ecx, 7AEB2E88h 0x00000022 jmp 00007FF008FD886Bh 0x00000027 popfd 0x00000028 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10F6E second address: 4A10F8B instructions: 0x00000000 rdtsc 0x00000002 mov cx, 96FFh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF008B89491h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10F8B second address: 4A10F9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD886Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A31859 second address: 4A3185F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3185F second address: 4A31863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A31992 second address: 4A319A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008B89492h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A319A8 second address: 4A31A01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FF07A1AB832h 0x00000011 jmp 00007FF008FD8876h 0x00000016 cmp dword ptr [ebp+08h], 00002000h 0x0000001d pushad 0x0000001e pushad 0x0000001f movzx eax, bx 0x00000022 jmp 00007FF008FD8879h 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a mov cx, E97Dh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10C44 second address: 4A10C4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A202D2 second address: 4A20324 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF008FD8871h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FF008FD886Eh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 mov edi, eax 0x0000001a mov ebx, esi 0x0000001c popad 0x0000001d xchg eax, esi 0x0000001e pushad 0x0000001f mov ch, BDh 0x00000021 push eax 0x00000022 push edx 0x00000023 call 00007FF008FD886Dh 0x00000028 pop esi 0x00000029 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20324 second address: 4A20344 instructions: 0x00000000 rdtsc 0x00000002 mov esi, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF008B89494h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20344 second address: 4A20353 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20353 second address: 4A2036D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF008B8948Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2036D second address: 4A20371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20371 second address: 4A20377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20377 second address: 4A2037D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2037D second address: 4A20381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20381 second address: 4A20385 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20385 second address: 4A20437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+0Ch] 0x0000000b jmp 00007FF008B8948Ah 0x00000010 test esi, esi 0x00000012 jmp 00007FF008B89490h 0x00000017 je 00007FF079D77491h 0x0000001d jmp 00007FF008B89490h 0x00000022 cmp dword ptr [75C7459Ch], 05h 0x00000029 pushad 0x0000002a mov edi, esi 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007FF008B89498h 0x00000033 sbb cx, 7368h 0x00000038 jmp 00007FF008B8948Bh 0x0000003d popfd 0x0000003e mov ebx, esi 0x00000040 popad 0x00000041 popad 0x00000042 je 00007FF079D8F522h 0x00000048 jmp 00007FF008B89492h 0x0000004d xchg eax, esi 0x0000004e pushad 0x0000004f mov ax, dx 0x00000052 popad 0x00000053 push eax 0x00000054 jmp 00007FF008B89496h 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20437 second address: 4A2043B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2043B second address: 4A20441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20469 second address: 4A2046D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2046D second address: 4A20473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20473 second address: 4A204BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushfd 0x00000010 jmp 00007FF008FD8873h 0x00000015 or si, 242Eh 0x0000001a jmp 00007FF008FD8879h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A204BF second address: 4A20502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 7C404342h 0x00000008 pushfd 0x00000009 jmp 00007FF008B89493h 0x0000000e jmp 00007FF008B89493h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF008B8948Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20502 second address: 4A2051F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2051F second address: 4A20524 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A2054F second address: 4A20555 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A20555 second address: 4A20559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 96064D second address: 960651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40038 second address: 4A40071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89491h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF008B89491h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF008B8948Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40071 second address: 4A40096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, eax 0x00000010 jmp 00007FF008FD886Eh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40096 second address: 4A400DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007FF008B89499h 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007FF008B89493h 0x0000001b pop ecx 0x0000001c mov ax, bx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A400DE second address: 4A400E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A400E4 second address: 4A400E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A400E8 second address: 4A40105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 3535CFB5h 0x00000010 pushad 0x00000011 movsx edx, ax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40105 second address: 4A40186 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF008B89492h 0x00000008 sub esi, 6EEDF8F8h 0x0000000e jmp 00007FF008B8948Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 add dword ptr [esp], 4077307Bh 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FF008B89494h 0x00000025 adc ecx, 46195358h 0x0000002b jmp 00007FF008B8948Bh 0x00000030 popfd 0x00000031 push eax 0x00000032 push edx 0x00000033 pushfd 0x00000034 jmp 00007FF008B89496h 0x00000039 xor ch, FFFFFFB8h 0x0000003c jmp 00007FF008B8948Bh 0x00000041 popfd 0x00000042 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40258 second address: 4A402BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [ebp-04h], 00000000h 0x0000000d jmp 00007FF008FD886Eh 0x00000012 test ebx, ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 call 00007FF008FD886Dh 0x0000001b pop ecx 0x0000001c pop ebx 0x0000001d mov bx, si 0x00000020 popad 0x00000021 je 00007FF07A03B683h 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FF008FD8872h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A402BA second address: 4A402C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A402C9 second address: 4A40335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF008FD886Fh 0x00000009 sbb ax, D72Eh 0x0000000e jmp 00007FF008FD8879h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 lea eax, dword ptr [ebp-00000110h] 0x0000001f jmp 00007FF008FD886Ch 0x00000024 nop 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov di, 08C0h 0x0000002c call 00007FF008FD8879h 0x00000031 pop eax 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40335 second address: 4A4033B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A4033B second address: 4A4033F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A4033F second address: 4A40381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89498h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FF008B8948Bh 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF008B89495h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40381 second address: 4A40387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A404C8 second address: 4A404CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A404CC second address: 4A404E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A404E9 second address: 4A40514 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 36509C72h 0x00000008 movsx ebx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FF008B89495h 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40514 second address: 4A40518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40518 second address: 4A4051E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A4051E second address: 4A40552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea ecx, dword ptr [ebx+04h] 0x0000000c pushad 0x0000000d mov cl, F7h 0x0000000f mov ax, dx 0x00000012 popad 0x00000013 push 00000027h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FF008FD8870h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A40596 second address: 4A4059C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A4059C second address: 4A405B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A405B5 second address: 4A405D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89497h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30028 second address: 4A30065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF008FD8871h 0x00000008 pop ecx 0x00000009 mov edx, 510A4924h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, ebp 0x00000012 jmp 00007FF008FD8873h 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c movsx ebx, ax 0x0000001f mov dx, si 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30065 second address: 4A30098 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 26h 0x00000005 call 00007FF008B89490h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e and esp, FFFFFFF8h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF008B89493h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30098 second address: 4A300B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A300B5 second address: 4A30117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 movsx edx, ax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c sub esp, 00000364h 0x00000012 jmp 00007FF008B89492h 0x00000017 mov eax, dword ptr [75C74538h] 0x0000001c jmp 00007FF008B89490h 0x00000021 xor eax, esp 0x00000023 jmp 00007FF008B89491h 0x00000028 mov dword ptr [esp+00000360h], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FF008B8948Dh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30117 second address: 4A3012F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bh 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF008FD886Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3012F second address: 4A30135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30135 second address: 4A30156 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF008FD886Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30156 second address: 4A3015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3015A second address: 4A30160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30160 second address: 4A3016A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 7B095351h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3016A second address: 4A30189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebx 0x00000008 pushad 0x00000009 mov edx, esi 0x0000000b mov ecx, 1E9373CBh 0x00000010 popad 0x00000011 mov ebx, dword ptr [ebp+08h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov edi, 413B103Eh 0x0000001c mov esi, ebx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30189 second address: 4A30259 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89490h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov edi, esi 0x0000000d call 00007FF008B8948Ah 0x00000012 mov edi, ecx 0x00000014 pop esi 0x00000015 popad 0x00000016 push eax 0x00000017 pushad 0x00000018 mov edi, eax 0x0000001a push ecx 0x0000001b call 00007FF008B89495h 0x00000020 pop eax 0x00000021 pop edx 0x00000022 popad 0x00000023 xchg eax, esi 0x00000024 jmp 00007FF008B8948Ch 0x00000029 mov esi, dword ptr [ebp+10h] 0x0000002c pushad 0x0000002d pushad 0x0000002e call 00007FF008B89493h 0x00000033 pop esi 0x00000034 popad 0x00000035 pushfd 0x00000036 jmp 00007FF008B89499h 0x0000003b or ecx, 66570E96h 0x00000041 jmp 00007FF008B89491h 0x00000046 popfd 0x00000047 popad 0x00000048 xchg eax, edi 0x00000049 jmp 00007FF008B8948Eh 0x0000004e push eax 0x0000004f jmp 00007FF008B8948Bh 0x00000054 xchg eax, edi 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007FF008B89495h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30259 second address: 4A302E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edi, edi 0x0000000b jmp 00007FF008FD8877h 0x00000010 mov eax, dword ptr [esi] 0x00000012 pushad 0x00000013 mov ebx, eax 0x00000015 pushfd 0x00000016 jmp 00007FF008FD8870h 0x0000001b add esi, 0AF08DD8h 0x00000021 jmp 00007FF008FD886Bh 0x00000026 popfd 0x00000027 popad 0x00000028 lea ecx, dword ptr [esi+04h] 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007FF008FD886Bh 0x00000034 or ax, F09Eh 0x00000039 jmp 00007FF008FD8879h 0x0000003e popfd 0x0000003f mov bx, cx 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A302E5 second address: 4A302EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A302EB second address: 4A30338 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD886Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp eax, 04h 0x0000000e jmp 00007FF008FD8876h 0x00000013 jbe 00007FF008FD8ABEh 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF008FD8877h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30338 second address: 4A3035E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89499h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, FFFFFFFCh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3035E second address: 4A30362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30362 second address: 4A30368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30368 second address: 4A3037A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, cx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3037A second address: 4A3037E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3037E second address: 4A30384 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30384 second address: 4A3038A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3038A second address: 4A303B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8876h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FF008FD886Bh 0x00000011 nop 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 movzx ecx, dx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A303B9 second address: 4A30434 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF008B89497h 0x00000008 sub ch, 0000003Eh 0x0000000b jmp 00007FF008B89499h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007FF008B89490h 0x00000019 and cl, 00000038h 0x0000001c jmp 00007FF008B8948Bh 0x00000021 popfd 0x00000022 popad 0x00000023 xchg eax, edi 0x00000024 jmp 00007FF008B89496h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push ecx 0x0000002e pop edx 0x0000002f movzx eax, di 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30434 second address: 4A3043A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3043A second address: 4A304DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FF008B89496h 0x00000010 jmp 00007FF008B89495h 0x00000015 popfd 0x00000016 pushad 0x00000017 mov di, ax 0x0000001a mov dx, si 0x0000001d popad 0x0000001e popad 0x0000001f xchg eax, ecx 0x00000020 pushad 0x00000021 call 00007FF008B89492h 0x00000026 mov si, 7291h 0x0000002a pop ecx 0x0000002b mov al, dl 0x0000002d popad 0x0000002e push eax 0x0000002f pushad 0x00000030 jmp 00007FF008B8948Fh 0x00000035 pushad 0x00000036 movzx eax, di 0x00000039 mov bx, D756h 0x0000003d popad 0x0000003e popad 0x0000003f xchg eax, ecx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 mov bx, ax 0x00000046 pushfd 0x00000047 jmp 00007FF008B89492h 0x0000004c sub si, 1978h 0x00000051 jmp 00007FF008B8948Bh 0x00000056 popfd 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A304DD second address: 4A304F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD8874h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A304F5 second address: 4A304F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30537 second address: 4A3053D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3053D second address: 4A30541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30541 second address: 4A305AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add esp, 0Ch 0x0000000e jmp 00007FF008FD8876h 0x00000013 mov dword ptr [esp+20h], 00000348h 0x0000001b jmp 00007FF008FD8870h 0x00000020 test ebx, ebx 0x00000022 jmp 00007FF008FD8870h 0x00000027 jne 00007FF07A1C76CBh 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A305AD second address: 4A305B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A305B1 second address: 4A305B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A305B5 second address: 4A305BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A305BB second address: 4A305FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+14h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF008FD886Eh 0x00000013 and si, CEE8h 0x00000018 jmp 00007FF008FD886Bh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A305FB second address: 4A3061E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89494h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lea eax, dword ptr [esp+24h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3061E second address: 4A30622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30622 second address: 4A30626 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30626 second address: 4A3062C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3062C second address: 4A30632 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30632 second address: 4A30636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30636 second address: 4A30677 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a mov bx, ax 0x0000000d push ecx 0x0000000e pushfd 0x0000000f jmp 00007FF008B8948Bh 0x00000014 or eax, 5FC6BC3Eh 0x0000001a jmp 00007FF008B89499h 0x0000001f popfd 0x00000020 pop ecx 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 push ecx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A30677 second address: 4A306AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FF008FD8876h 0x0000000a popad 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF008FD8877h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A306AD second address: 4A306EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF008B8948Fh 0x00000008 pop eax 0x00000009 mov dh, 55h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push dword ptr [ebp+0Ch] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007FF008B8948Ch 0x0000001a xor eax, 60A38D28h 0x00000020 jmp 00007FF008B8948Bh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A3077F second address: 4A30784 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A100DF second address: 4A100E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A100E3 second address: 4A100E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A100E9 second address: 4A1012D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8948Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 31B763F9h 0x00000010 jmp 00007FF008B89490h 0x00000015 mov eax, dword ptr fs:[00000000h] 0x0000001b jmp 00007FF008B89490h 0x00000020 nop 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A1012D second address: 4A10131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10131 second address: 4A10135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10135 second address: 4A1013B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A1013B second address: 4A101A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 mov ecx, ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FF008B89498h 0x00000011 nop 0x00000012 jmp 00007FF008B89490h 0x00000017 sub esp, 1Ch 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FF008B8948Eh 0x00000021 sub cx, 4A88h 0x00000026 jmp 00007FF008B8948Bh 0x0000002b popfd 0x0000002c push esi 0x0000002d pushad 0x0000002e popad 0x0000002f pop edx 0x00000030 popad 0x00000031 xchg eax, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 mov edi, 332433D0h 0x0000003a mov ch, dh 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101A5 second address: 4A101AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101AB second address: 4A101C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF008B8948Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101C5 second address: 4A101DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008FD8874h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101DD second address: 4A101E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101E1 second address: 4A101F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF008FD886Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A101F6 second address: 4A10297 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF008B89491h 0x00000009 jmp 00007FF008B8948Bh 0x0000000e popfd 0x0000000f movzx ecx, bx 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FF008B8948Eh 0x0000001d sub eax, 61B56F38h 0x00000023 jmp 00007FF008B8948Bh 0x00000028 popfd 0x00000029 mov esi, 3D84B16Fh 0x0000002e popad 0x0000002f mov dword ptr [esp], esi 0x00000032 pushad 0x00000033 mov ax, 5F67h 0x00000037 mov bl, cl 0x00000039 popad 0x0000003a push esi 0x0000003b jmp 00007FF008B89494h 0x00000040 mov dword ptr [esp], edi 0x00000043 jmp 00007FF008B89490h 0x00000048 mov eax, dword ptr [76FBB370h] 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FF008B89497h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10297 second address: 4A10302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008FD8879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c pushad 0x0000000d movzx eax, dx 0x00000010 movsx edi, ax 0x00000013 popad 0x00000014 xor eax, ebp 0x00000016 jmp 00007FF008FD8871h 0x0000001b nop 0x0000001c pushad 0x0000001d mov bx, si 0x00000020 push eax 0x00000021 push edx 0x00000022 pushfd 0x00000023 jmp 00007FF008FD8876h 0x00000028 adc esi, 10A81248h 0x0000002e jmp 00007FF008FD886Bh 0x00000033 popfd 0x00000034 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A10302 second address: 4A1039D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B89498h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c call 00007FF008B89491h 0x00000011 call 00007FF008B89490h 0x00000016 pop eax 0x00000017 pop edi 0x00000018 pushfd 0x00000019 jmp 00007FF008B89490h 0x0000001e or cl, 00000038h 0x00000021 jmp 00007FF008B8948Bh 0x00000026 popfd 0x00000027 popad 0x00000028 nop 0x00000029 jmp 00007FF008B89496h 0x0000002e lea eax, dword ptr [ebp-10h] 0x00000031 jmp 00007FF008B89490h 0x00000036 mov dword ptr fs:[00000000h], eax 0x0000003c pushad 0x0000003d mov bx, cx 0x00000040 push eax 0x00000041 push edx 0x00000042 mov ch, 7Dh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A1039D second address: 4A103B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov esi, dword ptr [ebp+08h] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF008FD886Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A103B1 second address: 4A103B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A103B7 second address: 4A103D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF008FD8874h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A103D8 second address: 4A103EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF008CE334Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exe	RDTSC instruction interceptor: First address: 4A103EA second address: 4A1044D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF008B8736Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FF008B8736Bh 0x00000016 sub ch, 0000007Eh 0x00000019 jmp 00007FF008B87379h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007FF008B87370h 0x00000025 xor ecx, 08C8B078h 0x0000002b jmp 00007FF008B8736Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\random.exe	Special instruction interceptor: First address: 7AE7A5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe	Special instruction interceptor: First address: 7AE68C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe	Special instruction interceptor: First address: 977D2B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe	Special instruction interceptor: First address: 9D99FB instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\random.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_007AE646 rdtsc

0_2_007AE646

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A1000 FindFirstFileW,FindNextFileW,	0_2_007A1000
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A1DC9 FindFirstFileW,FindNextFileW,	0_2_007A1DC9
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A4EB2 FindFirstFileW,FindNextFileW,	0_2_007A4EB2
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A4145 FindFirstFileW,FindNextFileW,	0_2_007A4145
Source: C:\Users\user\Desktop\random.exe	Code function: 0_2_007A3F87 FindFirstFileW,FindNextFileW,	0_2_007A3F87

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_007A20E1 GetSystemInfo,GlobalMemoryStatusEx,

0_2_007A20E1

Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies	Jump to behavior

Source: random.exe, random.exe, 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: random.exe, 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: random.exe, 00000000.00000002.1806167246.000000000B1A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\random.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\random.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\random.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\random.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\random.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\random.exe	File opened: NTICE
Source: C:\Users\user\Desktop\random.exe	File opened: SICE
Source: C:\Users\user\Desktop\random.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\random.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_007AE646 rdtsc

0_2_007AE646

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: random.exe, random.exe, 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: MProgram Manager

Source: C:\Users\user\Desktop\random.exe

Code function: 0_2_007A20E1 cpuid

0_2_007A20E1

Stealing of Sensitive Information

Yara detected Poverty Stealer

Source: Yara match	File source: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1664938912.0000000004880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: random.exe PID: 7428, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\random.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Remote Access Functionality

Yara detected Poverty Stealer

Source: Yara match	File source: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1664938912.0000000004880000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: random.exe PID: 7428, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	23 Virtualization/Sandbox Evasion	1 OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	23 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	2 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	213 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
random.exe	39%	ReversingLabs	Win32.Trojan.Generic
random.exe	100%	Avira	TR/Crypt.TPM.Gen
random.exe	100%	Joe Sandbox ML

Name	Source	Malicious	Reputation
https://ac.ecosia.org/autocomplete?q=	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/chrome_newtab	random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/ac/?q=	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	random.exe, 00000000.00000002.1898709648.000000000E68E000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000003.1692148797.000000000B3CC000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1809835023.000000000B791000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1882417609.000000000DE78000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1853616875.000000000CED4000.00000004.00000020.00020000.00000000.sdmp, random.exe, 00000000.00000002.1808377485.000000000B5BE000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.244.212.106	unknown	Romania		9009	M247GB	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582369
Start date and time:	2024-12-30 12:11:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	random.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
VT rate limit hit for: random.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
185.244.212.106	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Poverty Stealer, RHADAMANTHYS, Xmrig	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Cerbfyne Stealer, Credential Flusher, Cryptbot, LummaC Stealer, Poverty Stealer	Browse
	file.exe	Get hash	malicious	Poverty Stealer	Browse
	file.exe	Get hash	malicious	Poverty Stealer	Browse
	file.exe	Get hash	malicious	Poverty Stealer	Browse
	j95Whg3AY1.exe	Get hash	malicious	Poverty Stealer	Browse
	F7fahhucBo.exe	Get hash	malicious	Poverty Stealer	Browse
	IxE6TjWjRM.exe	Get hash	malicious	Poverty Stealer	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	45.88.100.158
	db0fa4b8db0333367e9bda3ab68b8042.i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse	213.109.189.115
	UD3cS4ODWz.exe	Get hash	malicious	Unknown	Browse	185.156.175.43
	nXNMsYXFFc.exe	Get hash	malicious	Unknown	Browse	185.156.175.43
	UD3cS4ODWz.exe	Get hash	malicious	Unknown	Browse	185.156.175.43
	nXNMsYXFFc.exe	Get hash	malicious	Unknown	Browse	185.156.175.43
	ub8ehJSePAfc9FYqZIT6.arm6.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.ppc.elf	Get hash	malicious	Unknown	Browse	92.118.56.167

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.939378112820287
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	random.exe
File size:	1'704'448 bytes
MD5:	27998d2440b5a856eca1795eabb8fa23
SHA1:	62d063990224278662ebd3e54742c09c0ed74751
SHA256:	bb98ac0c1ef756eee54726001008f52b498dd3c8575e190083674f52f33f3d9f
SHA512:	814eab7721f0c0fde983bf3956094847a1ed79e422ad8a6559a4a4266c9178d996b5341be6cb20c2e62446001f89222e2d1f7ad7656eb793307ad9087b57a9bd
SSDEEP:	49152:ACLkDxtWk5WtTj/JuiLWbUT5B+xLNNXTjbT+:RLkDxwk63/JVLqMS1fy
TLSH:	BF853395BC7548C6E2C654B7BAEA82BE88A0611127C91B9B3508F07D4F632DDF320D7D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........M...,}..,}..,}..q~..,}..T...,}..,\|..,}..qt..,}..q...,}.Rich.,}.........PE..L......f.................`...........pC......p....@

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x837000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x668CD4E5 [Tue Jul 9 06:12:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FF0088D797Ah
pavgb mm3, qword ptr [ecx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [ebx], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[LNK] VS2015 UPD2 build 23918

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa061	0x75	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x9000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x8000	0x4000	0a9275de2f94ea20f7a107ef658e68aa	False	1.00067138671875	data	7.972643769197814	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x9000	0x1ac	0x200	b9f6de5ccdb3182e75356923fab3c307	False	0.54296875	data	5.242785032905105	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1000	0x200	867cb9e90c4bc297fa97162471f6bbe7	False	0.16796875	data	1.144414974495299	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xb000	0x292000	0x200	30f934f23ec2121de4fc729934c16951	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xuvnqsmj	0x29d000	0x199000	0x198400	952bf9b0c1509ae7be166830acad336c	False	0.994574785670545	data	7.953228779013761	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dkjxiybl	0x436000	0x1000	0x600	00433dff37c170a3834f646ab86f89a0	False	0.55078125	data	4.863604592374423	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x437000	0x3000	0x2200	91f6e317aa5d6d1005b2e9887af22284	False	0.07295496323529412	DOS executable (COM)	0.7873525258160585	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x9058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-30T12:12:10.863535+0100	2048736	ET MALWARE LUMAR Stealer Exfiltration M2	1	192.168.2.4	49730	185.244.212.106	2227	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 12:12:10.853368044 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.858252048 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.858325005 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.858365059 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.858582973 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.863132954 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.863185883 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.863416910 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.863466978 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.863478899 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.863534927 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.863631010 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.863694906 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.867919922 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867929935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867938995 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867947102 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867955923 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867964029 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.867966890 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.868026972 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.868199110 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.868241072 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.868315935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.868357897 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.868494987 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.868504047 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.868511915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.868544102 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.872725964 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.872788906 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.911183119 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.911340952 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:10.959050894 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:10.959213972 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.011048079 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.011109114 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.059350967 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.059405088 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.111048937 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.111104012 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.163019896 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.163083076 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.215040922 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.215096951 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.263036013 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.263171911 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.318658113 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.318933010 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.323895931 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323908091 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323916912 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323925018 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323959112 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.323973894 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323983908 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.323986053 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.323998928 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324007988 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324014902 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324026108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324039936 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.324050903 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324059010 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324065924 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.324081898 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.324096918 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.324106932 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.326036930 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.326090097 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.326149940 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.326240063 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.326308012 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.326345921 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.326425076 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.331801891 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331851006 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331859112 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331867933 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331944942 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331954002 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.331993103 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.332006931 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.332015991 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.332052946 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.332056046 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.332097054 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.336846113 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336854935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336862087 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336896896 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.336900949 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336910009 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336910963 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.336918116 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336936951 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336945057 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.336951017 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.336976051 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.336993933 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337001085 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337002039 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337006092 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337013960 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337034941 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337048054 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337059021 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337078094 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337094069 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337101936 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337102890 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337117910 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337126970 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337133884 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337156057 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337187052 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337192059 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337209940 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337219000 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337234974 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337249994 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337253094 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337268114 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337296009 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337368965 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337378025 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337410927 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337419033 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337433100 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337435961 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337445021 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337459087 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337488890 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337491989 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337497950 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337507963 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337537050 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337541103 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337546110 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337555885 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337567091 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337572098 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337580919 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337601900 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337615013 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337625027 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337678909 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337687969 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337694883 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337702990 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337730885 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337743998 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337753057 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337757111 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337762117 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337764025 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337783098 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337793112 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337807894 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337812901 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337816000 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337831020 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337835073 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337841034 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337846994 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337866068 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337889910 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337912083 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337920904 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337928057 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337935925 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337943077 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337950945 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337964058 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337965965 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337975025 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337984085 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.337985992 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.337992907 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338001013 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338011026 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338020086 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338041067 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338047028 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338048935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338063955 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338078976 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338080883 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338090897 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338104963 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338119030 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338126898 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338148117 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338159084 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338160992 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338167906 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338216066 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338217974 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338227034 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338233948 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338242054 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338268042 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338269949 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338278055 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338301897 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338321924 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338330984 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338332891 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338362932 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338371992 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338375092 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338381052 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338391066 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338407040 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338413954 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338422060 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338444948 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338447094 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338455915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338464022 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338471889 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338481903 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.338505030 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.338530064 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.341707945 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341717958 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341725111 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341767073 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.341792107 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.341814041 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341823101 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341871023 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.341907978 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341917992 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341924906 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341932058 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341937065 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341939926 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341952085 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341959953 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.341960907 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342031002 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342112064 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342120886 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342128038 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342135906 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342144012 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342152119 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342159033 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342165947 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342168093 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342185020 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342194080 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342200994 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342207909 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342219114 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342223883 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342232943 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342241049 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342250109 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342256069 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342266083 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342276096 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342287064 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342293024 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342303991 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342305899 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342317104 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342329979 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342359066 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342371941 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342380047 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342387915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342402935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342411041 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342426062 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342443943 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342464924 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342473030 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342474937 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342483044 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342490911 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342506886 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342516899 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342518091 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342549086 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342561960 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342585087 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342592955 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342633963 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342641115 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342690945 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342695951 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342705965 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342751026 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342757940 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342767954 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342776060 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342783928 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342798948 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342807055 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342808008 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342839956 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342852116 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342852116 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342861891 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342869997 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342878103 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342886925 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342895031 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342906952 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342911959 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342921019 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342930079 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342942953 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342945099 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342953920 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.342972040 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.342984915 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343007088 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343039036 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343048096 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343055010 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343061924 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343106031 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343113899 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343123913 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343156099 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343163967 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343174934 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343209982 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343261003 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343269110 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343276024 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343283892 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343291044 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343297958 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343327999 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343349934 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343350887 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343359947 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343368053 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343374968 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343383074 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343390942 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343405008 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343406916 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343415976 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343424082 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343431950 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343440056 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343481064 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343503952 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343513012 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343519926 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343528032 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343535900 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343543053 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343559027 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343560934 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343569994 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343580008 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343588114 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343594074 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343609095 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343619108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343621969 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343635082 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343653917 CET	49730	2227	192.168.2.4	185.244.212.106
Dec 30, 2024 12:12:11.343694925 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343703985 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343801022 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343808889 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343877077 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343884945 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.343991995 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344000101 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344060898 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344069004 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344134092 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344142914 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344207048 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344216108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344273090 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344331980 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344340086 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344347000 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344397068 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344404936 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344412088 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344419956 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344427109 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344538927 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344547987 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344554901 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344563007 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344571114 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344578981 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344585896 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344594002 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344602108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344609976 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344616890 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344625950 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344641924 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344650030 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344656944 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344664097 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344671965 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344686985 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344695091 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344717979 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344724894 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344733000 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344820976 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344829082 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344841003 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344849110 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344856024 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344863892 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344878912 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344887018 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344894886 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344902039 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344978094 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.344986916 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345022917 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345030069 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345109940 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345191002 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345199108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345206976 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345215082 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345222950 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345232010 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345240116 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345253944 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345262051 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345325947 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345334053 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345366001 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345388889 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345477104 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.345484972 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346721888 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346810102 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346817970 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346853971 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346877098 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.346972942 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347026110 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347064972 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347161055 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347167969 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347176075 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347184896 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347193003 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347199917 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347208023 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347256899 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347264051 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347270966 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347279072 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347287893 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347295046 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347310066 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347321987 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347330093 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347338915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347376108 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347383976 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347465992 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347474098 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347568035 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347575903 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347665071 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347672939 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347681046 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347687960 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347723007 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347729921 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347737074 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347744942 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347754955 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347763062 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347805977 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347814083 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347820997 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347829103 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347839117 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347846985 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347862959 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347871065 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347896099 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347903967 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347954035 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347961903 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347969055 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.347976923 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348015070 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348023891 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348031998 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348040104 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348054886 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348063946 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348114014 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348121881 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348129034 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348145008 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348153114 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348160982 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348176956 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348185062 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348197937 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348206043 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348232985 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348242044 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348347902 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348356962 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348364115 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348371983 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348380089 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348387957 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348402977 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348411083 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348453045 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348460913 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348469019 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348475933 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348484039 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348500013 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348506927 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348515034 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348522902 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348530054 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348546028 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348553896 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348567963 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348576069 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348618031 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348625898 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348706961 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348715067 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348721981 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348730087 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348746061 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348753929 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348762035 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348768950 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348803997 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348812103 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348867893 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348875999 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348884106 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348893881 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348903894 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348942995 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.348988056 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349016905 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349060059 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349067926 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349107027 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349114895 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349159956 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349168062 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349211931 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349220991 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349227905 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349236012 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349245071 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349252939 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349303961 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349312067 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349319935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349327087 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349337101 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349344015 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349419117 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349426985 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349435091 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349442005 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349450111 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349459887 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349474907 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349483013 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349493027 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349500895 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349508047 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349522114 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349529982 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349538088 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349551916 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349560022 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349575043 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349582911 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349597931 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349606037 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349622011 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349628925 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349705935 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349714041 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349720955 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349729061 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349736929 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349745035 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349760056 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349767923 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349776983 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349785089 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349844933 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349853039 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349862099 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349869013 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349884987 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349894047 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349901915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349917889 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349967003 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.349975109 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350084066 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350091934 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350100040 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350106955 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350115061 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350121975 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350130081 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350142002 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350148916 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350157022 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350260973 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350269079 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350276947 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350285053 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350292921 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350300074 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350307941 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350316048 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350323915 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350338936 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350347042 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350354910 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350362062 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350377083 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350384951 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350393057 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350400925 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.350404024 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.391145945 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.525234938 CET	2227	49730	185.244.212.106	192.168.2.4
Dec 30, 2024 12:12:11.525443077 CET	49730	2227	192.168.2.4	185.244.212.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 30, 2024 12:12:44.824548960 CET	53	52504	162.159.36.2	192.168.2.4
Dec 30, 2024 12:12:45.298573971 CET	53	58834	1.1.1.1	192.168.2.4

Target ID:	0
Start time:	06:11:59
Start date:	30/12/2024
Path:	C:\Users\user\Desktop\random.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\random.exe"
Imagebase:	0x7a0000
File size:	1'704'448 bytes
MD5 hash:	27998D2440B5A856ECA1795EABB8FA23
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_PovertyStealer, Description: Yara detected Poverty Stealer, Source: 00000000.00000003.1664938912.0000000004880000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	4.6%
Signature Coverage:	22.6%
Total number of Nodes:	327
Total number of Limit Nodes:	1

Executed Functions

Function 007A1000 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 702
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,?), ref: 007A13D1

Part of subcall function 007A4108: GetFileAttributesW.KERNELBASE(007A50DC,007A4509,?,?,?,?,?,?,?,?,?,?,?,?,?,007A3F59), ref: 007A4109

Part of subcall function 007A3595: RtlAllocateHeap.NTDLL(00000000,?,?,007A5242), ref: 007A35AF

FindFirstFileW.KERNELBASE(00000000,?), ref: 007A1161

Part of subcall function 007A3F87: FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 007A3FE8
Part of subcall function 007A3F87: FindNextFileW.KERNEL32(007A179D,?), ref: 007A4089

Strings

Telegram, xrefs: 007A16FB
%s\%s, xrefs: 007A11A2
7a?=, xrefs: 007A1730
%s\*, xrefs: 007A112A
7a?=, xrefs: 007A1364
Discord/, xrefs: 007A13AF
%s%s, xrefs: 007A150B, 007A1854, 007A19EA, 007A1A4F
$Lr, xrefs: 007A1281

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: File$Find$FirstNext$AllocateAttributesHeap
String ID: $Lr$%s%s$%s\%s$%s\*$7a?=$7a?=$Discord/$Telegram
API String ID: 2982223824-60960798
Opcode ID: 90c08764e11aca966627cc20a18c52f09737e79f3381f50a8f320b2d1cb52b89
Instruction ID: 715650efcd161cb15c4c55ac8345e8041eb83404765e25b2908b5f866a5c05de
Opcode Fuzzy Hash: 90c08764e11aca966627cc20a18c52f09737e79f3381f50a8f320b2d1cb52b89
Instruction Fuzzy Hash: 64321971E002249AEF28DF64C895BFD73B59FD6300F94435AE805E7191EB7C8E848B95

Function 007A20E1 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 137
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007A3595: RtlAllocateHeap.NTDLL(00000000,?,?,007A5242), ref: 007A35AF

GetSystemInfo.KERNELBASE(?), ref: 007A21BF
GlobalMemoryStatusEx.KERNELBASE(?), ref: 007A21F3

Strings

- VideoAdapter #%d: %s, xrefs: 007A2241
- RAM: %d GB, xrefs: 007A220A
@, xrefs: 007A21EA
- HWID: %s, xrefs: 007A21AC
- CPU: %s (%d cores), xrefs: 007A21D1

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AllocateGlobalHeapInfoMemoryStatusSystem
String ID: - CPU: %s (%d cores)$- HWID: %s$- RAM: %d GB$- VideoAdapter #%d: %s$@
API String ID: 2428356369-565344305
Opcode ID: 7da7070d422df415faa7df3683e6f5c4b8fc0e3df3c7bcb79ff0c057c150e81d
Instruction ID: e7d2e3631c92f2b26bd3c3c790f755579dd52d9451d962dd3dae73ee4ea1559e
Opcode Fuzzy Hash: 7da7070d422df415faa7df3683e6f5c4b8fc0e3df3c7bcb79ff0c057c150e81d
Instruction Fuzzy Hash: C341E6B16083459BD724DF28CC85FAFB7E8EBC6710F144A1DF94987242E7389945CBA2

Function 007A4EB2 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 288
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,00000000), ref: 007A4F58
FindNextFileW.KERNELBASE(?,?), ref: 007A5200

Part of subcall function 007A4108: GetFileAttributesW.KERNELBASE(007A50DC,007A4509,?,?,?,?,?,?,?,?,?,?,?,?,?,007A3F59), ref: 007A4109

Strings

Telegram, xrefs: 007A501A
%s\%s, xrefs: 007A4F72
%s\*, xrefs: 007A4F42

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: File$Find$AttributesFirstNext
String ID: %s\%s$%s\*$Telegram
API String ID: 2194085478-4994844
Opcode ID: a2e9e264454113455fe61b048fcfe4627056f502d23c7b0d66a2bd9c529bfafc
Instruction ID: a76250c78dd02f3adaf6695d80ecfaa953e7e6e5ca52e04395d0086984a26221
Opcode Fuzzy Hash: a2e9e264454113455fe61b048fcfe4627056f502d23c7b0d66a2bd9c529bfafc
Instruction Fuzzy Hash: 7AA18421E14348E9EF10DBA0EC4ABBE7375EF85710F20515AF508AB2A1EAB50E45875A

Function 007A1DC9 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 139
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?), ref: 007A1E10

Part of subcall function 007A3595: RtlAllocateHeap.NTDLL(00000000,?,?,007A5242), ref: 007A35AF

FindNextFileW.KERNELBASE(00000000,?), ref: 007A1F94

Strings

%s\%s, xrefs: 007A1E9B
%s\*, xrefs: 007A1DF7
%s%s, xrefs: 007A1F4E

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: FileFind$AllocateFirstHeapNext
String ID: %s%s$%s\%s$%s\*
API String ID: 2970314880-2064654797
Opcode ID: 76a9d624989f18eb7ca86a9e1ba08d7f61da98cacc27be684664fc5c8c5c71b3
Instruction ID: 01eacd245774362b4f078ef5589b0a2efd17481befdb40901bbfc3930bd396b3
Opcode Fuzzy Hash: 76a9d624989f18eb7ca86a9e1ba08d7f61da98cacc27be684664fc5c8c5c71b3
Instruction Fuzzy Hash: AB41E1712093419FD758EF24C855A2E73E8AFC6700F408B1DF885872A1EF3CCA44878A

Function 007A1D21 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007A475F: LoadLibraryA.KERNELBASE(CRYPT32.dll,?,?,?,?,007A1D5A,00000000,00000000,00000000), ref: 007A477E

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 007A1D80

Strings

CRYPT32.dll, xrefs: 007A1D4F
Poverty is the parent of crime., xrefs: 007A1D9F

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: CryptDataLibraryLoadUnprotect
String ID: CRYPT32.dll$Poverty is the parent of crime.
API String ID: 292101002-1885057629
Opcode ID: ded1a3a8e827446efc80397187c24f543e762b3d1cd636de87c8aadfef887f17
Instruction ID: 47a3bf6f2ea6e99a9439e0ad522d6519f02e79ac22669bde9ac2fd5d6a40455f
Opcode Fuzzy Hash: ded1a3a8e827446efc80397187c24f543e762b3d1cd636de87c8aadfef887f17
Instruction Fuzzy Hash: 4C112CB5E0020DABDF10DF95C8859EFBBBCFB85350F50466AE945B7240E7746E09CAA0

Function 007A4C2D Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 209
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007A475F: LoadLibraryA.KERNELBASE(CRYPT32.dll,?,?,?,?,007A1D5A,00000000,00000000,00000000), ref: 007A477E

KiUserCallbackDispatcher.NTDLL(0000004C,?,0000011C), ref: 007A4C9E
GetDC.USER32(00000000), ref: 007A4CE0
GetCurrentObject.GDI32(00000000,00000007), ref: 007A4CF3
GetObjectW.GDI32(00000000,00000018,?), ref: 007A4D0C
DeleteObject.GDI32(00000000), ref: 007A4D3E
CreateCompatibleDC.GDI32(00000000), ref: 007A4D9F
CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 007A4DC0
SelectObject.GDI32(00000000,00000000), ref: 007A4DD2
BitBlt.GDI32(00000000,00000000,00000000,?,007A24F5,00000000,?,?,00CC0020), ref: 007A4DF7

Part of subcall function 007A3595: RtlAllocateHeap.NTDLL(00000000,?,?,007A5242), ref: 007A35AF

Part of subcall function 007A35C3: RtlFreeHeap.NTDLL(00000000), ref: 007A35D2

DeleteObject.GDI32(00000000), ref: 007A4E95
DeleteDC.GDI32(00000000), ref: 007A4E9C

Strings

(, xrefs: 007A4D78
U, xrefs: 007A4C5E
er32, xrefs: 007A4C65
2, xrefs: 007A4C55
- ScreenSize: {lWidth=%d, lHeight=%d}, xrefs: 007A4D28
6, xrefs: 007A4D84
gdi3, xrefs: 007A4C49

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: Object$Delete$CreateHeap$AllocateCallbackCompatibleCurrentDispatcherFreeLibraryLoadSectionSelectUser
String ID: ($- ScreenSize: {lWidth=%d, lHeight=%d}$2$6$U$er32$gdi3
API String ID: 1717029878-1028866296
Opcode ID: 1500811519f143b1efc0fb3073dc955ccc750121537f42031ff65cc2474b9931
Instruction ID: 817802707ce56c0804c11c3d5a7b358ecb33f7887cd0674927f4643c4e9bab6e
Opcode Fuzzy Hash: 1500811519f143b1efc0fb3073dc955ccc750121537f42031ff65cc2474b9931
Instruction Fuzzy Hash: A2717072D00208EADB20DFA4DC45BAEBB75BF86700F108559F605BB291DBB99A04CB65

Function 007A2282 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 321
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNELBASE(00000000,00000000,4148ce17-5f2b-4314-8b16-31b6a48899e4), ref: 007A22AF

Strings

- OperationSystem: %d:%d:%d, xrefs: 007A232A
- UserAgent: %s, xrefs: 007A25B3
1000log, xrefs: 007A25F3
$d.log, xrefs: 007A2678
shell32, xrefs: 007A23E5
@, xrefs: 007A25DE
$, xrefs: 007A25FD
4148ce17-5f2b-4314-8b16-31b6a48899e4, xrefs: 007A22A6, 007A2612
kernel32, xrefs: 007A2439

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: CreateMutex
String ID: $$$d.log$- OperationSystem: %d:%d:%d$- UserAgent: %s$1000log$4148ce17-5f2b-4314-8b16-31b6a48899e4$@$kernel32$shell32
API String ID: 1964310414-1381876016
Opcode ID: fd4d3f43ba07e06caed307158c8b9c6237eae717fbd1daca3f21bf4b10685d6c
Instruction ID: 29dfca9d9cee320e5db421c060f84a48997caae512dc087c9da95572e65f5b4b
Opcode Fuzzy Hash: fd4d3f43ba07e06caed307158c8b9c6237eae717fbd1daca3f21bf4b10685d6c
Instruction Fuzzy Hash: F9C10330944289EAEB54EFA4DC0ABED7B71AFD7300F004255F100AA1E2CFBD4A45CB66

Function 007A53F8 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 007A475F: LoadLibraryA.KERNELBASE(CRYPT32.dll,?,?,?,?,007A1D5A,00000000,00000000,00000000), ref: 007A477E

WSAStartup.WS2_32(00000202,?), ref: 007A54E0
socket.WS2_32(?,00000001,00000000), ref: 007A550F
connect.WS2_32(000000FF,?,00000010), ref: 007A554E
send.WS2_32(000000FF,00000000,00000000), ref: 007A5570
send.WS2_32(000000FF,000000FF,106,00000000), ref: 007A558C
closesocket.WS2_32(000000FF), ref: 007A55BC

Strings

185.244.212.106, xrefs: 007A5523
106, xrefs: 007A557B, 007A557F
ws2_32.dll, xrefs: 007A5473

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: send$LibraryLoadStartupclosesocketconnectsocket
String ID: 106$185.244.212.106$ws2_32.dll
API String ID: 3472365846-2093737415
Opcode ID: a26e0e382f1b9082e3eeeff345c1ddc8c3cfc57b775002db5055193b9af1c4a8
Instruction ID: 6de7cda77e59b67055445429b5b025458eb4afa94ed0ef2d43d6616d4a703bc5
Opcode Fuzzy Hash: a26e0e382f1b9082e3eeeff345c1ddc8c3cfc57b775002db5055193b9af1c4a8
Instruction Fuzzy Hash: F951C430C44288EDEF018BE8D8097EDBFB99F56314F144189E660BE2C2D7B9474ACB65

Function 007A48D6 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 234
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00000020,00003000,00000040,0000011C,?,?,?,?,?,007A2351), ref: 007A48F7

Part of subcall function 007A475F: LoadLibraryA.KERNELBASE(CRYPT32.dll,?,?,?,?,007A1D5A,00000000,00000000,00000000), ref: 007A477E

Strings

ntdl, xrefs: 007A4914
ntdllQ#z, xrefs: 007A4985
Q#z, xrefs: 007A4964, 007A497A, 007A496A
l, xrefs: 007A4917

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AllocLibraryLoadVirtual
String ID: Q#z$l$ntdl$ntdllQ#z
API String ID: 3550616410-2238777875
Opcode ID: 41f881027e7a86bf60132390094c1094acdfd215921aad3a8829fe1ab2cbe5a7
Instruction ID: 72901cdfd51062a73497e594863c41ec62112c3fe6456e6b811f1f565df72ce9
Opcode Fuzzy Hash: 41f881027e7a86bf60132390094c1094acdfd215921aad3a8829fe1ab2cbe5a7
Instruction Fuzzy Hash: A78108B060524196EB649F14EC4577A33A8FBC7724F20861AE2099B2E1DBFD8D84871F

Function 007A475F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(CRYPT32.dll,?,?,?,?,007A1D5A,00000000,00000000,00000000), ref: 007A477E

Strings

CRYPT32.dll, xrefs: 007A476C, 007A477D

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: CRYPT32.dll
API String ID: 1029625771-519142900
Opcode ID: 20ccbf3249993646723272d3b0758f80eb2e13414e7dab60fd86d5d550f318a3
Instruction ID: 01313aaa40ef7418c69d41923f5ed924d96555c09599058db120999b86c0107f
Opcode Fuzzy Hash: 20ccbf3249993646723272d3b0758f80eb2e13414e7dab60fd86d5d550f318a3
Instruction Fuzzy Hash: FD31A935E00655EBCB24CFA9C880ABDF7B1FFCA704F15025AD455A7341C7BAA991CBA0

Function 04A40347 Relevance: 1.7, APIs: 1, Instructions: 216
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentHwProfileW.ADVAPI32(?), ref: 04A4038F

Memory Dump Source

Source File: 00000000.00000002.1805560008.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a40000_random.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: 674445a64b2bcd8695d905431d332569aee0ae018221354549289201180e21e0
Instruction ID: cad06757349abed5c2720ee0c2486650a9b433cb38fd44c01d50bd2c2d9a571e
Opcode Fuzzy Hash: 674445a64b2bcd8695d905431d332569aee0ae018221354549289201180e21e0
Instruction Fuzzy Hash: F441E1BB74D120AEB25282512B54AFE6B7CE6D7330730C467FA47C6102F2C53A4A7532

Function 04A40333 Relevance: 1.7, APIs: 1, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentHwProfileW.ADVAPI32(?), ref: 04A4038F

Memory Dump Source

Source File: 00000000.00000002.1805560008.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a40000_random.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: fccc9e03a0523bdb3a1302110e91ac29faa6fa1fa5b14621a69bb51fb4035b90
Instruction ID: 9feccec3782e0d0d8b4b76279be3ee02418e198b72f0b092fc6cd464ce092a3f
Opcode Fuzzy Hash: fccc9e03a0523bdb3a1302110e91ac29faa6fa1fa5b14621a69bb51fb4035b90
Instruction Fuzzy Hash: BF3139BB74D125BDB15281812B24AFF6A7DE6DB730730C427FA07D6506F2D42A893532

Function 04A403B3 Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32(?), ref: 04A4038F

Memory Dump Source

Source File: 00000000.00000002.1805560008.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a40000_random.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: c903a8bd8450698f7f1d9ab36f4b1d1cd6692f8e208a678bc2e08cede4b26565
Instruction ID: 78f6ae907757c87f7af3cc10944bea24e5159863b344e97033daa740fdc19152
Opcode Fuzzy Hash: c903a8bd8450698f7f1d9ab36f4b1d1cd6692f8e208a678bc2e08cede4b26565
Instruction Fuzzy Hash: C531BCBB74C120ADB25281812B14AFF6A3CE6DB730730C826FA07D6106F2C46E893572

Function 04A40371 Relevance: 1.7, APIs: 1, Instructions: 178COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32(?), ref: 04A4038F

Memory Dump Source

Source File: 00000000.00000002.1805560008.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a40000_random.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: c32f74274d5abdbcaca659fd94b24a145e7b254cc9b2bc27f8f79ce20a604106
Instruction ID: 1e5976d9c4205da24612baf10871ef82fe60788de3066a0a1124d53e3df39d97
Opcode Fuzzy Hash: c32f74274d5abdbcaca659fd94b24a145e7b254cc9b2bc27f8f79ce20a604106
Instruction Fuzzy Hash: 8D31AEBB74C120BDB25281812B14AFF6A3DE6DB730730C427FA07D6106F2D42A893572

Function 04A40363 Relevance: 1.7, APIs: 1, Instructions: 176COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32(?), ref: 04A4038F

Memory Dump Source

Source File: 00000000.00000002.1805560008.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a40000_random.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: 52f15334ca082fb160a0fb9390c9128533f64a01938bbf5aff575dc377ebcc2a
Instruction ID: c426c4b28da7125bfd61ea8eda314f7c32384e188d99dcdc32f02744fea39d9c
Opcode Fuzzy Hash: 52f15334ca082fb160a0fb9390c9128533f64a01938bbf5aff575dc377ebcc2a
Instruction Fuzzy Hash: 1B316BBB78D124BDB25281812B54AFF6A7DE6DB330730C427FA07D6106F2D42A893572

Function 007A3595 Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,007A5242), ref: 007A35AF

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 46ac45ab043f3011a94f81da4ac12ae249df69b702dfb08dfb92f5b680d4f9bd
Instruction ID: e23f9ec2797a09a297dc5a681dfa027095adfc4514956ae0a7d12d64f1cedddc
Opcode Fuzzy Hash: 46ac45ab043f3011a94f81da4ac12ae249df69b702dfb08dfb92f5b680d4f9bd
Instruction Fuzzy Hash: 87D0C93369B06125D5B4216E2D5AE9BE49DCFE3AB1B0A3D7A7804DB260CD949C4141B4

Function 007A35C3 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000), ref: 007A35D2

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5182fa087f6e42e041b141baaa1098463879bc90526c4b022e25248efd219906
Instruction ID: c37b7b6b48e4b0ff9d5339e2c3cbb05b92c93b54d3f5c9081aef9d1be086f3eb
Opcode Fuzzy Hash: 5182fa087f6e42e041b141baaa1098463879bc90526c4b022e25248efd219906
Instruction Fuzzy Hash: 5FB012483AF00224FD2CA7340875F3F10094B92309FC42948356099C904D4816000030

Function 007A4108 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(007A50DC,007A4509,?,?,?,?,?,?,?,?,?,?,?,?,?,007A3F59), ref: 007A4109

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 564679d30f4baaaeed3ae5a92a84fa9ff7b02cc4271641f0fd2a7f1cb8b62fa2
Instruction ID: 1f914cdbcbe72072a58bfc65f7cb0af6a2c29b36d86e27b2475e22ac056e0c78
Opcode Fuzzy Hash: 564679d30f4baaaeed3ae5a92a84fa9ff7b02cc4271641f0fd2a7f1cb8b62fa2
Instruction Fuzzy Hash: 20A002E917561546992C32340B5285E20050F475F4B251F5D5132E94E0E95DE9D29119

Function 007AEFA4 Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 007AF2DE

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c5ee5e7e12e5efc3af2ad328c927aa36a4f0b5c253b10497d01d3026cc4d34e4
Instruction ID: f4ac72dbbbb9ea1da482815ddc604cee7344fb30296c05fbc814b2bf6f04efe0
Opcode Fuzzy Hash: c5ee5e7e12e5efc3af2ad328c927aa36a4f0b5c253b10497d01d3026cc4d34e4
Instruction Fuzzy Hash: D101B5B6509505CFDB006F38C5892AE7BE0FF89310F654729DA95C3358E279441A9712

Function 007AF7B9 Relevance: 1.3, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 007AFB2E

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 15b70514af77ebb9d24145ca0aeac450fb3a788e38a449bf8fea6b83178e7758
Instruction ID: 43bddf70e3d87ac206d97c530f0f785ae4f0d3efc9d5c4385375452a5126f576
Opcode Fuzzy Hash: 15b70514af77ebb9d24145ca0aeac450fb3a788e38a449bf8fea6b83178e7758
Instruction Fuzzy Hash: C8D09EF405DA46DFD3002F61C885ABEBFF4FB42746F25192CF9D64A606E2B90490DB62

Non-executed Functions

Function 0092622D Relevance: 11.7, Strings: 8, Instructions: 1675COMMON

Download Yara Rule

Strings

&?, xrefs: 0092635B
&I?>, xrefs: 0092721D
F+], xrefs: 00926FBE
F+], xrefs: 00926FE4
G=5w, xrefs: 00926B64
Kxg4, xrefs: 00926956
S,#~, xrefs: 009272DB
:BX, xrefs: 00927306

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: &I?>$G=5w$Kxg4$S,#~$&?$:BX$F+]$F+]
API String ID: 0-2628835381
Opcode ID: ad2fab30e2912f81b158474be2e6d56319b2ad2a2ce9fa9f997d3cfebb977aca
Instruction ID: 1642172ba31b1dd701ca74b797c11dd60ce8f76db8596c0bf09a9c40678032ea
Opcode Fuzzy Hash: ad2fab30e2912f81b158474be2e6d56319b2ad2a2ce9fa9f997d3cfebb977aca
Instruction Fuzzy Hash: 23B2E8F36086049FE304AE2DDC8577AFBE9EF94720F1A893DE6C4C3744E63598058696

Function 0091C154 Relevance: 11.6, Strings: 8, Instructions: 1637COMMON

Download Yara Rule

Strings

3%Em, xrefs: 0091C406
jQ{{, xrefs: 0091CDCF
{_;W, xrefs: 0091C6E2
vug, xrefs: 0091CDF2
Q'm~, xrefs: 0091C454
{eu', xrefs: 0091CB06
abN, xrefs: 0091C1B2
"r7w, xrefs: 0091D107

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: "r7w$3%Em$Q'm~$abN$jQ{{$vug${_;W${eu'
API String ID: 0-1210440452
Opcode ID: 04a535f4b6466a59419212e320841bef48db518da73c65e8b04606ff1f48bb69
Instruction ID: 16b7410f8f5a81967224007462ea853875c6542791f7839085de8f5f70be2777
Opcode Fuzzy Hash: 04a535f4b6466a59419212e320841bef48db518da73c65e8b04606ff1f48bb69
Instruction Fuzzy Hash: 8EB226F360C2049FE304AE2DEC8567ABBE6EFD4720F16893DE6C4C7744EA3558418686

Function 00921382 Relevance: 7.8, Strings: 5, Instructions: 1559COMMON

Download Yara Rule

Strings

G5}>, xrefs: 0092163A
tSo, xrefs: 00921EDF
W?Ws, xrefs: 009219B8
Hw[_, xrefs: 00921DED
oLG, xrefs: 0092259E

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: G5}>$Hw[_$W?Ws$oLG$tSo
API String ID: 0-1621136995
Opcode ID: d17058c6ac5c926b9ce2707168bdf80be3a1c92ef61e204066d51f5328a54cf4
Instruction ID: a95fc7acc14e19d4011c9befe3a8725b2e60535972f305cf43cbf506c40793f2
Opcode Fuzzy Hash: d17058c6ac5c926b9ce2707168bdf80be3a1c92ef61e204066d51f5328a54cf4
Instruction Fuzzy Hash: 39B2F7F3A0C2049FE3046E29EC8567AF7E9EF94720F16893DEAC4C7744E63558418796

Function 007A4145 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 97fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,00000000), ref: 007A4198
FindNextFileW.KERNEL32(000000FF,?), ref: 007A41E4

Part of subcall function 007A35C3: RtlFreeHeap.NTDLL(00000000), ref: 007A35D2

Strings

%s\%s, xrefs: 007A41F8
%s\*, xrefs: 007A4182

Memory Dump Source

Source File: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID: FileFind$FirstFreeHeapNext
String ID: %s\%s$%s\*
API String ID: 839670836-2848263008
Opcode ID: 005f759e6261cc68780eef85dbc686c82081ef64b933b12f8cc64a289a768a68
Instruction ID: 5d7965cdb6eab2500484a8dd85fc0d1740e13e84a0b5f530c0aaceb83f3f6e9e
Opcode Fuzzy Hash: 005f759e6261cc68780eef85dbc686c82081ef64b933b12f8cc64a289a768a68
Instruction Fuzzy Hash: 0B31CB70B00218EBCB24AF68CC8976E77A5FFC7740F104269B90587281DBBD9E518B91

Function 0091E393 Relevance: 3.5, Strings: 2, Instructions: 990COMMON

Download Yara Rule

Strings

-B=o, xrefs: 0091EE99
xb?, xrefs: 0091EC63

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: -B=o$xb?
API String ID: 0-4061631158
Opcode ID: 182f52a2713a68f9fc4e1497b0c3f696da64da1b446e9d6c3c48630093ff0520
Instruction ID: 6127ec33dfa59d147c3903e4b687f3525cd766be253ba5f5e9b839b2ee60f451
Opcode Fuzzy Hash: 182f52a2713a68f9fc4e1497b0c3f696da64da1b446e9d6c3c48630093ff0520
Instruction Fuzzy Hash: A26206F3A082009FE714AE29DC8577AB7E5EF94320F1A493DEAC4C3744E63598458797

Function 0081A12D Relevance: 3.0, Strings: 2, Instructions: 472COMMON

Download Yara Rule

Strings

HE?, xrefs: 0081A770
l[*(, xrefs: 0081A7A4

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: HE?$l[*(
API String ID: 0-35243023
Opcode ID: e07d45a9a3c5656ff9e9b7b17d98663535590179943a6c41a237d80930108f4c
Instruction ID: 27f309d9ef53430235e53a4c2c8d55d4ed34dff7d7b1819560298f71f409a0b6
Opcode Fuzzy Hash: e07d45a9a3c5656ff9e9b7b17d98663535590179943a6c41a237d80930108f4c
Instruction Fuzzy Hash: 12F1ACF3F112254BF3444D29DD983667A82DBD5310F2F823C8B88AB7C9E87E5C4A4285

Function 007B803B Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hB|^, xrefs: 007B84E5
wY_{, xrefs: 007B8600

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: hB|^$wY_{
API String ID: 0-745983147
Opcode ID: a3549cbe0b76532ef297a31f54d49f73b37af843de6707b18c637614254c4883
Instruction ID: 209ebedb5093a9c4514e669e432908d0597c67a45605693714b64d8909261514
Opcode Fuzzy Hash: a3549cbe0b76532ef297a31f54d49f73b37af843de6707b18c637614254c4883
Instruction Fuzzy Hash: 0CE1BCF7F102214BF3544968DC98376A696DBE4324F2F823D9E98A77C5E87E9C054384

Function 007F507D Relevance: 2.6, Strings: 2, Instructions: 121COMMON

Download Yara Rule

Strings

Q\/, xrefs: 007F50B7
^\/, xrefs: 007F50BD

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: Q\/$^\/
API String ID: 0-4200938547
Opcode ID: ad8ab490d11ccd5c78ce0ba42a941d790f603cc122fad0be78ef7a6fa4d483a7
Instruction ID: ff661133b6adb25cb2aa9324d7b30f4aa72306cc1d995774528deb250cffb186
Opcode Fuzzy Hash: ad8ab490d11ccd5c78ce0ba42a941d790f603cc122fad0be78ef7a6fa4d483a7
Instruction Fuzzy Hash: 793157F390C2049BE714B97DECD576AB7D9EBA8320F1A063CDF89D3740E535A9018296

Function 008BE3BC Relevance: 1.8, Strings: 1, Instructions: 520COMMON

Download Yara Rule

Strings

#)kw, xrefs: 008BE7F7

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: #)kw
API String ID: 0-3963090000
Opcode ID: f727a2a8b80991968c48eed7679fda9732ed16d510835fe20823faf87ce4cfdb
Instruction ID: 58a44a9ee465187891b54d2d7548559f53ac51c3b40c114ff2cac9b60156aae4
Opcode Fuzzy Hash: f727a2a8b80991968c48eed7679fda9732ed16d510835fe20823faf87ce4cfdb
Instruction Fuzzy Hash: B202CDF3E146248BF3185E28DC85366B6D2EB94320F1B863C9F89A77C5E93E5C058385

Function 008D22D8 Relevance: 1.7, Strings: 1, Instructions: 434COMMON

Download Yara Rule

Strings

''K, xrefs: 008D289B

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: ''K
API String ID: 0-1518725774
Opcode ID: 066006bb2da1260bb454afddcf56e9112d201cf836ee4fe62ea25b492609dce8
Instruction ID: b74fd77146795368c3fa5e3c4f2a8a651d89daf675b4c91a94a814cb677153a7
Opcode Fuzzy Hash: 066006bb2da1260bb454afddcf56e9112d201cf836ee4fe62ea25b492609dce8
Instruction Fuzzy Hash: 27E1B0B3F102254BF3149A28DC98366B692EB94324F2F823CDF89A77C5D97E6C054785

Function 009212CD Relevance: 1.7, Strings: 1, Instructions: 421COMMON

Download Yara Rule

Strings

G5}>, xrefs: 0092163A

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: G5}>
API String ID: 0-1591182067
Opcode ID: b0cf60097a812114b4925be91c8af6e697a583e437d60025543974eaae508ff8
Instruction ID: 3cc1a3a77517e4b96e5989a96e3e2833f3243e841019a449d03de15a228134fd
Opcode Fuzzy Hash: b0cf60097a812114b4925be91c8af6e697a583e437d60025543974eaae508ff8
Instruction Fuzzy Hash: F4C136F3A0C6045FE304BE2DEC8567ABBE6EFD4720F2A853DE6C487744E53558458682

Function 0083D0F9 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

)V3:, xrefs: 0083D259

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: )V3:
API String ID: 0-2787692840
Opcode ID: 1a3c5849731afb2b4b4375cb1612bcd1348b8cea78a35f3c647f352980256b03
Instruction ID: c09e3175757f73140c6e47c7dc0a271f30258dbd4d96e001d58168dc6d9e2abe
Opcode Fuzzy Hash: 1a3c5849731afb2b4b4375cb1612bcd1348b8cea78a35f3c647f352980256b03
Instruction Fuzzy Hash: EEC17BB3F5122507F3544879DC983A26583E7D4324F2F82788E99AB7CADCBE5D4A1284

Function 009053BE Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

7, xrefs: 009055F6

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 575c75f1f2816cd84963c526a7a622d850822ac7eef38854e604768c2af076dd
Instruction ID: f47fe12c280751fbc074fc88e86966cbc05fe841f24a666c154baa86e8b25a8f
Opcode Fuzzy Hash: 575c75f1f2816cd84963c526a7a622d850822ac7eef38854e604768c2af076dd
Instruction Fuzzy Hash: 7AB18DB3F1162547F3584939CC683A26683DBE5324F2F827C8A9A5B7C6DC7E5C4A5380

Function 008A6033 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

la*S, xrefs: 008A61D4

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: la*S
API String ID: 0-2225666774
Opcode ID: 37311785e8d2104d2e2ce023c01fcc0ef5ed95f516a8c36bd206ea0e50ce8099
Instruction ID: 7c2442ab5373bc34b722784e4a3c5b513949c424d564bee28080b7373cb14ac0
Opcode Fuzzy Hash: 37311785e8d2104d2e2ce023c01fcc0ef5ed95f516a8c36bd206ea0e50ce8099
Instruction Fuzzy Hash: 07B1BFB3F5122547F3444979CD983616683DBD5324F2F82388F69AB7CADCBE5C0A5284

Function 0087719F Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

>, xrefs: 0087740D

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: >
API String ID: 0-325317158
Opcode ID: 5c829ca18da37b0bfc34f395967e0c15bbee42b0bda59445b72d48c557a6aae5
Instruction ID: db6a102436502a05dd577f68563a4f3b42c73c84eb6e3d9989c0610ab96f16ee
Opcode Fuzzy Hash: 5c829ca18da37b0bfc34f395967e0c15bbee42b0bda59445b72d48c557a6aae5
Instruction Fuzzy Hash: AEA128B3F1122547F7584939CC683626683A7D5324F2F82788E8DAB7C6D97E5C4A4384

Function 00852203 Relevance: 1.5, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

HOy#, xrefs: 0085235E

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: HOy#
API String ID: 0-1488508670
Opcode ID: 6fd8b88d10e31e08ada2bf177af995a12bce895ab233567859ca1ed6b6b46ed1
Instruction ID: 6c7834e82631a22a285ebc6c4075ebf86f5f0881aa08d592f832810cd5747b18
Opcode Fuzzy Hash: 6fd8b88d10e31e08ada2bf177af995a12bce895ab233567859ca1ed6b6b46ed1
Instruction Fuzzy Hash: D8A1ACF7F1122547F3544929CC583617283DBE5325F2F82788E48AB7CAE87E5D4A5384

Function 0081C058 Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

d, xrefs: 0081C2B4

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: d67c58af32095e00e88c2b2a9ea602a004254fccfc9b346bc8cbae2fb108c69c
Instruction ID: 7b5c72311ed6bb1063e28c417f5929c5cfb679e895e6f948b43452f3d5840a00
Opcode Fuzzy Hash: d67c58af32095e00e88c2b2a9ea602a004254fccfc9b346bc8cbae2fb108c69c
Instruction Fuzzy Hash: 6EA19FB3F111260BF3584938CC643A26683EBD5324F2F817C8E899B7C5D97E5D4A5384

Function 008E5238 Relevance: 1.5, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

i, xrefs: 008E5372

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: i
API String ID: 0-3865851505
Opcode ID: d8e112980c4d2908cd293f8068777f09e20ecfece2194105d5d3886382f00c65
Instruction ID: 05a1cdb0d959ef0cb0404bcc9c132395ce3b8fb04cd65447de3f5a6f2e4e3346
Opcode Fuzzy Hash: d8e112980c4d2908cd293f8068777f09e20ecfece2194105d5d3886382f00c65
Instruction Fuzzy Hash: 53A1AFB3F516254BF3544978CCA83626643DBD6310F2F82788E886BBCAD87E5C0A5384

Function 008D614E Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

j, xrefs: 008D628A

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: j
API String ID: 0-2137352139
Opcode ID: a5c519a08b61f5669283c9ab1271b5880f6e8cd7448cec46e50d6d5cc87ce515
Instruction ID: 74580c9aae104f212cc208421fdb8763055eda904289165d67d3011b70b173d4
Opcode Fuzzy Hash: a5c519a08b61f5669283c9ab1271b5880f6e8cd7448cec46e50d6d5cc87ce515
Instruction Fuzzy Hash: FD918AF3F615314BF3644968CC593626583A796320F2F82788E5CABBC6D87E9C0A53C4

Function 008C00B3 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

?, xrefs: 008C0148

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: ?
API String ID: 0-1684325040
Opcode ID: 3c6623acd130ff5198b7a74c85db53215d3434470bc3bc049827645cb2f0a7fc
Instruction ID: 642c73f0b908ecc2bb6bcd2470b1132c7a916d2dd2a565742785659279d0d1e8
Opcode Fuzzy Hash: 3c6623acd130ff5198b7a74c85db53215d3434470bc3bc049827645cb2f0a7fc
Instruction Fuzzy Hash: 76918FB3F502254BF3644D78CC983617283EB95324F2F42788E986B7C6D9BE6D496384

Function 008871FB Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

!, xrefs: 008872C8

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: ab5f4b5f5d7bb3da24e62da76c837c6b6e87d6f06273005086faab84b7e4705f
Instruction ID: 87b5f8d93dc095fdd61f12883514c359995316a902ce4e5512079b5136f900d0
Opcode Fuzzy Hash: ab5f4b5f5d7bb3da24e62da76c837c6b6e87d6f06273005086faab84b7e4705f
Instruction Fuzzy Hash: BE818AB3F1122107F3584968CC58362A683DBD5324F2F81788F4DAB7C6D97E5D0A5384

Function 007DB17C Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

|>`e, xrefs: 007DB24E

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: |>`e
API String ID: 0-1987966674
Opcode ID: de5ecb43bac6b4b0949bcd2063666eeaeee152ffa8c7b89aa77287a4783daa96
Instruction ID: f79ba683268c206309b6ab95e02cabe711229b6256fa96f1b124876615a35068
Opcode Fuzzy Hash: de5ecb43bac6b4b0949bcd2063666eeaeee152ffa8c7b89aa77287a4783daa96
Instruction Fuzzy Hash: 0281ACB3F112264BF3544928CD583A266439BD5320F2F82788F8D6B7CAD97E6D4A5384

Function 0087E3E6 Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

t, xrefs: 0087E593

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 80b1a11b09afe8b2c50a63462d7d4ca8ee62fc6bc5937e3cf54c4a7f7d52027b
Instruction ID: 0abaf271eaf7942695e6d01708c46546fe67f1d3532d60d6b6319ba0628ae2b5
Opcode Fuzzy Hash: 80b1a11b09afe8b2c50a63462d7d4ca8ee62fc6bc5937e3cf54c4a7f7d52027b
Instruction Fuzzy Hash: 6E819DB3F2162507F3580928CC653B26183DBE5724F2F427D8A999B7C6DC7D9D095384

Function 0087E07F Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

f, xrefs: 0087E106

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: f
API String ID: 0-1993550816
Opcode ID: b5c7cfb18f3aecc480a5a2579639ec11e647797bb07a5fdfc3d8ab6171bbc541
Instruction ID: 7c092f68d171baa9fc5897cf3363fe952774e418b8dddc274e4950017f0c2a64
Opcode Fuzzy Hash: b5c7cfb18f3aecc480a5a2579639ec11e647797bb07a5fdfc3d8ab6171bbc541
Instruction Fuzzy Hash: A0717CB3F6162547F3904969CC54362B283EBD5320F2F85788D88AB7C5D97EAC4A53C4

Function 0083B103 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

O, xrefs: 0083B18F

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: c710ddfd70b1b82140778260a5da76798b97230eb7bdba494c16a73081da61cb
Instruction ID: c2d430f51e86387be350d7829c1bfa7f3c8adb9fda8644ffad83ea4bd7b20f0d
Opcode Fuzzy Hash: c710ddfd70b1b82140778260a5da76798b97230eb7bdba494c16a73081da61cb
Instruction Fuzzy Hash: FB618AB3F111254BF3544D28CC683B17693EBD5310F2F81788A89ABBD5D97EAD496380

Function 0090C128 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

l$ry, xrefs: 0090C2AC

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: l$ry
API String ID: 0-1528867703
Opcode ID: b29dde2a96e8e6997843b23ced2bf5642bfbb6e3a0a7c998863489efd841ded7
Instruction ID: f03acdb61635e7b5dc9dec2a7787900452d9d289127d91ef8672716c28ec7b8e
Opcode Fuzzy Hash: b29dde2a96e8e6997843b23ced2bf5642bfbb6e3a0a7c998863489efd841ded7
Instruction Fuzzy Hash: 7F51ACB3F112264BF3544D78CC983716683DBD5320F2F82788A981BBCAE97E5D4A5384

Function 0086A291 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

1, xrefs: 0086A2EF

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 7816b1bca3bb79c5b8085009d2adf447c9ed066af86b35e863970be50a13f3bd
Instruction ID: f20e1386dd28885591053bc286465e4cd5eb8403ed53d3c55e9e1bf32bdd9797
Opcode Fuzzy Hash: 7816b1bca3bb79c5b8085009d2adf447c9ed066af86b35e863970be50a13f3bd
Instruction Fuzzy Hash: 63519BB3F512264BF3544E28CC58371B393EB92320F2F82788E986B7C9D97D6D495284

Function 008620BF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94501e75339aa23109a63112ef9f3c5736e22f5c9c7b5897c586aed19ff35bad
Instruction ID: 59cf29b8b265a4df9c9e94fd4dee8eb16bcaeb0e4f417302e0702703da3f0275
Opcode Fuzzy Hash: 94501e75339aa23109a63112ef9f3c5736e22f5c9c7b5897c586aed19ff35bad
Instruction Fuzzy Hash: 840261A3F2191507F7580838CD693B51983E7E5320E2F8279CB8A9B7C6DCBE5D4A5384

Function 008971D8 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c89ecb8677d4dd69e50f6775b892c86357364971c6adf0e0c11e74927a9daf0
Instruction ID: 9b141c585067138771b5184051763d82e035c9d06d6c5d634ee991df808cc097
Opcode Fuzzy Hash: 6c89ecb8677d4dd69e50f6775b892c86357364971c6adf0e0c11e74927a9daf0
Instruction Fuzzy Hash: A302DEF3E106214BF3545D38DC99366BA92EB94720F2F823C8E899B7C5D97E5C098385

Function 00861302 Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c8ad683b3eb35ab6e635bbb746d312d5be2520cf9324c247f7fb23c9432706c
Instruction ID: 3b345c5bd728211d2217183c798d0ef9e3c642d9892651d471b30fd936bb8b30
Opcode Fuzzy Hash: 5c8ad683b3eb35ab6e635bbb746d312d5be2520cf9324c247f7fb23c9432706c
Instruction Fuzzy Hash: C80272F3F606650BF7A408B8DC983A55582E7A5324F2F4278CF59AB7C2D8AE0D4953C4

Function 0086307B Relevance: .5, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68adcb4b9db5ad94f7a08bf4191c9ee834b18ffad11aab27c08d899aca23a35b
Instruction ID: b926ea7dae94ffec4866f23ad0a919c3d3d1d0acf27a8ad87c6a946070f18599
Opcode Fuzzy Hash: 68adcb4b9db5ad94f7a08bf4191c9ee834b18ffad11aab27c08d899aca23a35b
Instruction Fuzzy Hash: 65F1E3F3E142204BF3145E69DC58366B693EBD4320F2B863C9E89ABBC8D97E5C054385

Function 008550EF Relevance: .5, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ffb285a9a7519cec7e6796c92f0185018a4e6165e73ed1abf80f7951e32951
Instruction ID: 3f391f289add4093c174549c35dc0ee0540e56b555f3f51d46192b46892af038
Opcode Fuzzy Hash: 82ffb285a9a7519cec7e6796c92f0185018a4e6165e73ed1abf80f7951e32951
Instruction Fuzzy Hash: E2F1FFB3F152204BF3445E28CC88366B6D2EBD4310F2B863D9E889B7C5D97D9D498786

Function 007CD235 Relevance: .5, Instructions: 452COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 542a5459864d030d722ace621eb83491cf6c2e3f3d0b4e32a419e4d98804efa6
Instruction ID: 33a0809999541d2d1c4d9003ab497700993a9828a4430f2bea58049e1f933498
Opcode Fuzzy Hash: 542a5459864d030d722ace621eb83491cf6c2e3f3d0b4e32a419e4d98804efa6
Instruction Fuzzy Hash: 8CE1FFB3E152118BF3145E29DC84366B792EBD4320F2F463CCA889B7C5DA7E5C469386

Function 008F9104 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd456b4730d024cbe981c992c473ded43cd0489cacfd90f8c5cb08848a238f1d
Instruction ID: 7634d1cda5a23868879ed2b38ac626dcaced26d9d9bdc02987113914bc036543
Opcode Fuzzy Hash: fd456b4730d024cbe981c992c473ded43cd0489cacfd90f8c5cb08848a238f1d
Instruction Fuzzy Hash: E8D15AB3F1162547F3584879CDA83B2658397D5320F2F82398F99AB7C6DC7E5D0A1284

Function 008621C5 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5ef50dabb5c8625f700b4fdf5a0e7cc61bb9c3202ad4d24d376124322b749f
Instruction ID: 3645902542403221aa4d8326baac370554de41266f0a46c2b6c1c41e459a79be
Opcode Fuzzy Hash: ca5ef50dabb5c8625f700b4fdf5a0e7cc61bb9c3202ad4d24d376124322b749f
Instruction Fuzzy Hash: 74D1A1B3F2191507FBA80428CDA93B51983E7E5320E2F417DCB8A9B7C6DCBE484A4345

Function 008D002D Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2b988cb1e57814d798461898bf39a205a96957f6922e28335725a7ee5942f93
Instruction ID: a3d81ad5f599034d69a32a86765d77471a4a17fb77d87e5f12717dfc04497540
Opcode Fuzzy Hash: f2b988cb1e57814d798461898bf39a205a96957f6922e28335725a7ee5942f93
Instruction Fuzzy Hash: 92D18DB3F102254BF3584968CC683A16683EBA5324F2F427D8F8DAB7C6D87E5C495384

Function 008613EB Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27bf9c77a9f0324822d6d224e5e3974f2361de7bfeb19a2fd3679609cb3db12d
Instruction ID: 31376e924a673a1a5c3b667cd08a92ae52efb8ac03d3aa8d51ec85162f5094f9
Opcode Fuzzy Hash: 27bf9c77a9f0324822d6d224e5e3974f2361de7bfeb19a2fd3679609cb3db12d
Instruction Fuzzy Hash: 9CD160F3F607650BFBA404B8DCD83A55982A765324F2F4278CF59AB3C2D8AE0D494384

Function 008AB0B6 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37583e13767f65d33e1bbccccc7992fdc402c7d7fbe581807c63ca6ac1f68804
Instruction ID: bde85d4a3238cb4c9115c7667eb1adfd04b4d52430460d5a9f2b691b4547e30c
Opcode Fuzzy Hash: 37583e13767f65d33e1bbccccc7992fdc402c7d7fbe581807c63ca6ac1f68804
Instruction Fuzzy Hash: 81D18DB3F5022547F3584978CDA83A26682D795320F2F82788F996BBCADC7E5D095284

Function 0083120A Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f87178bda29bacfcca16aaca8135e03ac8be565fa05f891e0887378c189237
Instruction ID: fe12abd9dc7d707959959d2a46e2cccaed55e9d77761d16b5222e3c79ebb9a80
Opcode Fuzzy Hash: d0f87178bda29bacfcca16aaca8135e03ac8be565fa05f891e0887378c189237
Instruction Fuzzy Hash: 9CD1AEB3F513254BF34449B4DC983A22683DBD5324F2F82788E48AB7C6D9BE5D4A5384

Function 00883063 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2d75da7eadf02840ee10bc585951fa575a35ceb814d88070727d01342085cb5
Instruction ID: e352dfeaf039fa8784f9611cffd568f8b1d6e45469065502df3cc9f239547fba
Opcode Fuzzy Hash: c2d75da7eadf02840ee10bc585951fa575a35ceb814d88070727d01342085cb5
Instruction Fuzzy Hash: 3DC18FB3F502254BF3544979DD983A266839BD5320F2F82788E8C6BBC6DC7E5C4A5384

Function 008EA075 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f4e2e89e1001ffdf4e9cc97aa961d1d77614ce56a5bd1df990ade824aeb4d9d
Instruction ID: dc209c9286099378a33765c57191255f44282ba5e19fabd485ac6258f2ceafa6
Opcode Fuzzy Hash: 8f4e2e89e1001ffdf4e9cc97aa961d1d77614ce56a5bd1df990ade824aeb4d9d
Instruction Fuzzy Hash: AAD19CB3F112264BF3944979CC583A266839BD1324F2F82788E5C6BBC9DC7E5D4A5384

Function 009002EC Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e99b4ae875c1ebc5e5fd9ae2ca0e4ff745a72356aebc6dbd34d79b573398e8
Instruction ID: 1d77742a6178be50fbc4aa1533623aa420ded4ea11cd68e397940e7d1ea64654
Opcode Fuzzy Hash: 80e99b4ae875c1ebc5e5fd9ae2ca0e4ff745a72356aebc6dbd34d79b573398e8
Instruction Fuzzy Hash: B6C16AF3F112254BF3544978CC683A26583DBA1324F2F82788E5DABBC9D87E9D495384

Function 00827383 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918e7457587dbd350d253d927ef169333d1fafed1c1bb07f50282fa412736601
Instruction ID: aadb5c45c8c9a8845cdeb7e96d95ce21f24fda005c602f9877688b8be16f7481
Opcode Fuzzy Hash: 918e7457587dbd350d253d927ef169333d1fafed1c1bb07f50282fa412736601
Instruction Fuzzy Hash: 23C16BB7F512254BF3544979CC9836266839BD5324F2F82788F4CAB7C5DC7E9C0A5284

Function 007D60A4 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ec2c5d0fb0ce0dd82ccec19183fb37eb1a3936ac4671b82a3963a68296a401b
Instruction ID: 26564a62effbdab6caeaa344919f86bf1543d097990149bf9fdc8c9ca30890d7
Opcode Fuzzy Hash: 4ec2c5d0fb0ce0dd82ccec19183fb37eb1a3936ac4671b82a3963a68296a401b
Instruction Fuzzy Hash: B0C16AB3F111254BF3944839CD6836669839BD5320F3F82788BAC6BBC9DC7E5D0A5284

Function 008ED212 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b88f7db92c1d34222ccb6efb8f8ad1756258f8f3064d7f4e0424b006d5c160d
Instruction ID: 7621b5154a61f25f7389e93c45f184f573c94e3a0fd589eab3ba37a5ac8fbc96
Opcode Fuzzy Hash: 1b88f7db92c1d34222ccb6efb8f8ad1756258f8f3064d7f4e0424b006d5c160d
Instruction Fuzzy Hash: 8DC16DB3F1162547F3544D29CC983626283EBE5324F2F81788F986BBCAD97E5C4A5384

Function 00835283 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 190e654965ffcdfa6a7bee93a83dc0f29e03e8627ba29b1ad6fb5e2cfe21e571
Instruction ID: 41c488c6185c5625246a03cca80fc2f36ba1357f35327cf01964c5f640bea664
Opcode Fuzzy Hash: 190e654965ffcdfa6a7bee93a83dc0f29e03e8627ba29b1ad6fb5e2cfe21e571
Instruction Fuzzy Hash: 61C19BB3F112254BF3544968CC983A26683EBD5320F2F82788E5C6B7C5D97E9D4A63C4

Function 0090B2EA Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0fcec6e5d4b5dc8e2ed77d1211a33aede4532bad7b62c1b200173e135e4e0fe
Instruction ID: d92c23ce944291dcb3920dec470abac924751f022f6a7a15423839f96983ed0f
Opcode Fuzzy Hash: e0fcec6e5d4b5dc8e2ed77d1211a33aede4532bad7b62c1b200173e135e4e0fe
Instruction Fuzzy Hash: 43C19BB3F1162547F3544979CC583A266839BD5320F2F82788F9CAB7C6D87E9D065384

Function 008A73E4 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 366aaabd1ecd85b0bf86a0774bb891855e4dc96f3cba12a2b17d557cb8e3daaa
Instruction ID: 3c73eac81404b0a31bf56af4f7f6e6f8261513e102461cc301027713c8bc6073
Opcode Fuzzy Hash: 366aaabd1ecd85b0bf86a0774bb891855e4dc96f3cba12a2b17d557cb8e3daaa
Instruction Fuzzy Hash: CAC1CEB3F2122547F3484968CCA93B27283D7D5315F2F817C8A4A9B7C6D97E5C0A5384

Function 0083C14F Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5179ad3f660699b6c9b9fa48004f99fbd285a3dac58815521ee12acea25aa287
Instruction ID: c45698f921e5d143af6c78b1ce3e44e2dc29b30602f8de0996c7b620e5ce99b9
Opcode Fuzzy Hash: 5179ad3f660699b6c9b9fa48004f99fbd285a3dac58815521ee12acea25aa287
Instruction Fuzzy Hash: BAC179F3F116250BF3548829CC6836265839BD5324F2F82788E9D6BBCAD87E5D0A5384

Function 007D5235 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f02eed3c4d2c014e017f29f24ac294f06e86462975a8abaa3e1ce20c6efe9c
Instruction ID: a85b6a9e922f0f37197e2d87a54944eaf389b12b69330cbff88a0f677ca71919
Opcode Fuzzy Hash: f6f02eed3c4d2c014e017f29f24ac294f06e86462975a8abaa3e1ce20c6efe9c
Instruction Fuzzy Hash: E0C1BCB7F112254BF3544D39CC983622683EBD5314F2F82788A586BBCADC7E9D4A5384

Function 007C8276 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 740bda2d3991818d994bdfb3e54957ba1106de8dff804e9dbaae7aa4a3082119
Instruction ID: ed1978f9d002a8c190781e2bbe841a5fffafe1bd547731ecb83aa7a19f20a108
Opcode Fuzzy Hash: 740bda2d3991818d994bdfb3e54957ba1106de8dff804e9dbaae7aa4a3082119
Instruction Fuzzy Hash: E7C178B3F2112247F3944978CD583A266839BD0324F2F82788E8C6BBC6D87F5D4A5384

Function 008AE2E7 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd66e87d0ca77b77f5fd1888804fa7eaf6cbd543fa9a1a3e1b72255d73cb644
Instruction ID: c91a501b4104d6d3c7660e0a4308a44985cd1e9c3a3880ce27cf14cee96eb93a
Opcode Fuzzy Hash: cfd66e87d0ca77b77f5fd1888804fa7eaf6cbd543fa9a1a3e1b72255d73cb644
Instruction Fuzzy Hash: 07B16EB3F112264BF3584D79CD983626683DBD5310F2F82788E49ABBC5D87E9D095384

Function 008740F3 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17150db726fd38fba45cd0a673adc6e63110b270f76735609c8eff5544993ab
Instruction ID: 33a7355f7b8338d1d78ad79c288a145ca04202cf3026514c91d1818e582737a2
Opcode Fuzzy Hash: d17150db726fd38fba45cd0a673adc6e63110b270f76735609c8eff5544993ab
Instruction Fuzzy Hash: F6B18DB3F112250BF3544978CC9836265839BD5324F2F82788E9DAB7C6E87E5D4A53C4

Function 0087C16D Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d25939cf3d1400154aa70205c2cbbc0d4ca547c97f316e84044f209508c558
Instruction ID: 23cd7d50b453ffbee4dba52d16c91d1c1247008edba0dbb84327a3c69c228f1e
Opcode Fuzzy Hash: a4d25939cf3d1400154aa70205c2cbbc0d4ca547c97f316e84044f209508c558
Instruction Fuzzy Hash: 70B17EF3F512254BF3544978CC983622683D795321F2F82788E8CABBCAD97E5D495384

Function 007B71E1 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7177b233fe537dfa3411fcff24867a6e27dc222caab8657a2c50f4d76efac40b
Instruction ID: 902d37aa3a1ed187ef994f6ea6e37e071ec4037bfbf4c8f0ad7543c5d6320bf7
Opcode Fuzzy Hash: 7177b233fe537dfa3411fcff24867a6e27dc222caab8657a2c50f4d76efac40b
Instruction Fuzzy Hash: EFB18CB3F1162647F3584974CCA83B26643DBD1321F2F82388F596BBC6D87E5D4A5284

Function 007F0289 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76bf08321d65c3f6fd9072f39fd8c3f0337bf1d91835c3b6d13fe33cd40df9b8
Instruction ID: 611d436b737febcffcd804e0af90b3122ac6be456f825652c76f75d81714c6f5
Opcode Fuzzy Hash: 76bf08321d65c3f6fd9072f39fd8c3f0337bf1d91835c3b6d13fe33cd40df9b8
Instruction Fuzzy Hash: DAB179B3F5122547F3544D38CDA83A176939B95320F2F42788E59AB7C5D97E6C0A6380

Function 0080F188 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f262cb23bfe52a45ad4ec06640b72ee4f437fd081c7cae7d191f88e9fab6241b
Instruction ID: 947841df8f53e3929c3b35a0ca34cca3234e3dc093f53194e105d0c49751d677
Opcode Fuzzy Hash: f262cb23bfe52a45ad4ec06640b72ee4f437fd081c7cae7d191f88e9fab6241b
Instruction Fuzzy Hash: 7AB16AB3F1122547F3544978CD983A26683D795324F2F8278CE58ABBCADC7E9D0A5384

Function 008B4124 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eef7d68abe3925662497a3a951a53ae30d75ab3d5b9ace37fd7153f056e51e8
Instruction ID: bc356a8ec00ca4d26c97a3cb6c3a7a9de30f5c6d1f879fd092305389bbe37155
Opcode Fuzzy Hash: 8eef7d68abe3925662497a3a951a53ae30d75ab3d5b9ace37fd7153f056e51e8
Instruction Fuzzy Hash: A7B17BB3E5153503F3944878DC583A2A5829BE5324F2F82788E9C7BBC6DC7E5D4A52C4

Function 007FC05A Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418afb088735031f79863199447b93adbd2c7ba6b35e54f24dc01138e493eb9e
Instruction ID: 397ace0bd4f38dbf190c002220ef3f0fd3a8b7a24761961daceb7d695e223cca
Opcode Fuzzy Hash: 418afb088735031f79863199447b93adbd2c7ba6b35e54f24dc01138e493eb9e
Instruction Fuzzy Hash: 2EB1ACB3F2162607F3544969CC983A16683DBD5320F2F82788E9CAB7C6D87E9D495384

Function 008710C8 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f5ac0f487bf0ab401630f989b42fda43d68df364b618806a58b428193c1b05
Instruction ID: 9a7a71a0e3cbd9ef82265ba481ad158ed9da836b59a42e47d2caac6f9d9703dd
Opcode Fuzzy Hash: f0f5ac0f487bf0ab401630f989b42fda43d68df364b618806a58b428193c1b05
Instruction Fuzzy Hash: D1B16AB3F112264BF3544E68CC983A17693EB95320F2F42788E4CAB7C6D97E5D496384

Function 008993EF Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b95d04ebde0fa4f51cca0c30172071f01ca8ee048f075dafa5d0968df376984
Instruction ID: 196e40706ed98696473daf3a4c6637d57d33df39426793eabfd27ac6cc4feba5
Opcode Fuzzy Hash: 0b95d04ebde0fa4f51cca0c30172071f01ca8ee048f075dafa5d0968df376984
Instruction Fuzzy Hash: F7B17AB3F112254BF3544939CD593A26683D7D5320F2F82388E5DABBCAD97E9C0A5384

Function 0084D19F Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e7a352b6d10a0806f3980ef2734255e918e2a2c00a82dfe72b3b6cce416969
Instruction ID: 26b5c5181fd7b48d3a7fc6e2b9035d0af4f653610f32c2d256f0e75fd912089c
Opcode Fuzzy Hash: f3e7a352b6d10a0806f3980ef2734255e918e2a2c00a82dfe72b3b6cce416969
Instruction Fuzzy Hash: 37B1B3B3F5122107F3584939CC683766683DBD5324F2F82388A899BBCADC7E5C465384

Function 00812043 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 368613522f4f70f9db55d5d8c128e8b27cf80723dfd4fb81dd9b01426de7a475
Instruction ID: 6e42bd9ed9bfdf5ce15f3b962714c544691a7be6661723386e06192a65a2dd80
Opcode Fuzzy Hash: 368613522f4f70f9db55d5d8c128e8b27cf80723dfd4fb81dd9b01426de7a475
Instruction Fuzzy Hash: 79B18BB3F5122507F3588939CC983B26583DBD5314F2F82788F59ABBCAD87E5D0A5284

Function 009010E8 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b260711aa9832cc508a702de0fb9cbff9c4a294478da0804b82faa446d6e14
Instruction ID: 622ffd4eca7e750d08f01b35af44a1215d496576254ef9b16eb38ea128e9dfd0
Opcode Fuzzy Hash: c1b260711aa9832cc508a702de0fb9cbff9c4a294478da0804b82faa446d6e14
Instruction Fuzzy Hash: 88B1ADB3F112214BF3544D68CC983A27683EB95314F2F82788E89AB7C9D97E6D495384

Function 008E80D8 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e66f18a8bb5153a3f07f5b66a3962e32f00f9a2f9847c379eb936d0e6909588a
Instruction ID: a430ac8057127c21c8cd4ce1a4d29f0367b563581ec7833a29adb24f38461bd8
Opcode Fuzzy Hash: e66f18a8bb5153a3f07f5b66a3962e32f00f9a2f9847c379eb936d0e6909588a
Instruction Fuzzy Hash: A5B17CB3F111254BF3584968CC593A26683EBD1324F2F82788E99AB7CAD87E5C465384

Function 00809306 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b1d3ba802405b1590d60f9972f901d824265a262251f3e77b011fbc5a41d4b
Instruction ID: 911051696ce6b34f19990f2bb94cc040a7c1d50efab3c2bcc4253eea7b52ea53
Opcode Fuzzy Hash: 68b1d3ba802405b1590d60f9972f901d824265a262251f3e77b011fbc5a41d4b
Instruction Fuzzy Hash: 6AA1BEB3F516250BF35448B8CD983A16583D7D5324F2F82788E4CABBD6E8BE5C4A5384

Function 0088B317 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c753174277d1585eabcda008e6dac4f322ca3926ace3ccbccbe7becc6767257d
Instruction ID: 41b65be896ee1f15330cccda29aa90df3cec7c2bc54055f221d48493a02c9a18
Opcode Fuzzy Hash: c753174277d1585eabcda008e6dac4f322ca3926ace3ccbccbe7becc6767257d
Instruction Fuzzy Hash: 15A148B7E2113107F3644979CD683A2A5939BD1324F2F82788E5C7BBC6D87E5D0A52C4

Function 008E2359 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a9467d9d035d1998dfffd41196ccbf2033e40db3bfda15590a53dd569cdbb37
Instruction ID: c30c8c823739b5f9f3c108e29de6596b1cc63e75805b1719b5034b92191434c3
Opcode Fuzzy Hash: 3a9467d9d035d1998dfffd41196ccbf2033e40db3bfda15590a53dd569cdbb37
Instruction Fuzzy Hash: 7AB1FDB3F112224BF3544978CC683627293DBD6310F2F82788E48ABBD5D97E9D095384

Function 00804079 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c7c44ad4d208788b678b2e7ed309a6304f899af1a5c016a65cd5b68a0d77bc
Instruction ID: bbd04d39df3717e0eb6803297f3f2213075b58b041ce725522a24a7291a8f589
Opcode Fuzzy Hash: 86c7c44ad4d208788b678b2e7ed309a6304f899af1a5c016a65cd5b68a0d77bc
Instruction Fuzzy Hash: EFA180B3F2122547F3544938CC983A16693EBD5320F2F82788E896BBC6DC7E5C4A5384

Function 0088E057 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 998e204af335e8d82323be9c39404923ae634eb9883212eacde6b482a1bf9aef
Instruction ID: d7403c5e2af00fe01e5a67a689d567ddbde4005baf23ff09beb0a101f1ca559a
Opcode Fuzzy Hash: 998e204af335e8d82323be9c39404923ae634eb9883212eacde6b482a1bf9aef
Instruction Fuzzy Hash: 54B1BCB3F1022647F3544E68CC683727692EB95324F2F82788E996BBC5D93E5D0963C4

Function 007C630D Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c56d34527978d5e3f667f41359e8ae8114f7e642a2795818edabf6485bffa61
Instruction ID: bca23651df2832b333ee6f242fcf3be452739884638cc61d10f5eb733697616a
Opcode Fuzzy Hash: 8c56d34527978d5e3f667f41359e8ae8114f7e642a2795818edabf6485bffa61
Instruction Fuzzy Hash: 7EA158B3F6162647F3584938CD593B26582DBA4324F2F823C4E9DA77C6D87E9D0A1284

Function 008C43FA Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726798c53c9443641aa802620f1aa2b211d1bf7f2b8b7f7e0d40fa328c1ebf59
Instruction ID: 4a9685e5a4c389155a15f31c3c769b7bfc918f6f8ca9d53c2473774c9c270155
Opcode Fuzzy Hash: 726798c53c9443641aa802620f1aa2b211d1bf7f2b8b7f7e0d40fa328c1ebf59
Instruction Fuzzy Hash: 2CA17BB3F6162607F3544878CCA83A266839BD5324F2F82798F4D6B7C6D87E5D4A1384

Function 0086D1CE Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d1ee39e4608295879632c68375220c94c5680da7074a5e1f7d3c82b91baca6
Instruction ID: 291ab0009c4de3a0bf54db863adfba64260fe8c27b66eea8aec31e2a3ffa7014
Opcode Fuzzy Hash: 46d1ee39e4608295879632c68375220c94c5680da7074a5e1f7d3c82b91baca6
Instruction Fuzzy Hash: 3DA19CB3F512254BF3544879CD9836266839BD5320F2F82788E5CABBC9DCBE5D0A5384

Function 008D3103 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26c9fc91ed61e313f7e42faaad6a4954dc22ba61223213f333d06bc17bfe16c
Instruction ID: 59434d34d0eda486caf1a8df19f2c102ea2ab826c944f5317cc052ff1a014c94
Opcode Fuzzy Hash: e26c9fc91ed61e313f7e42faaad6a4954dc22ba61223213f333d06bc17bfe16c
Instruction Fuzzy Hash: 70A19AF3F2162547F3544879CC983626542A7D5324F2F82788F9C6BBC6D87E9D0A5384

Function 00807281 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5761c708a6d25f8a0e2bb0bbb21f1113cd1e9985d229a98e5d9c5efefd4500e3
Instruction ID: d7056a677e20a992f2d71756df7bd021e938a918ee864fb9b60b45ec440cf41a
Opcode Fuzzy Hash: 5761c708a6d25f8a0e2bb0bbb21f1113cd1e9985d229a98e5d9c5efefd4500e3
Instruction Fuzzy Hash: 9AA18CF3F5122547F3584878CD993A26582A791324F2F82388F6D6BBC6DCBE5D095384

Function 008FC34B Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1d0e515ee6bb3ae25c43477d03bee40db877a831d4b9c67d21227e4c6eefb0
Instruction ID: 66adf43263f562edcf39972534a5caa5f3888abd0f0298e164ded1f767313b7a
Opcode Fuzzy Hash: 2a1d0e515ee6bb3ae25c43477d03bee40db877a831d4b9c67d21227e4c6eefb0
Instruction Fuzzy Hash: 17A1CFB3F1122547F3544E68CC983A27293EB99314F2F82788E486B7C5D97F6D499384

Function 0085A1AC Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2da22ff37f105d0eacadf5065cc6d21822901b4270a6303cd6089ed0c1720008
Instruction ID: 1c151c3ac51ab54590a9301bb5ff56d31f39dc45367f597ba03d239e4a1c2fde
Opcode Fuzzy Hash: 2da22ff37f105d0eacadf5065cc6d21822901b4270a6303cd6089ed0c1720008
Instruction Fuzzy Hash: 85A14CF3F6122647F3544879CCA83A6658397D5324F2F82388F5D6BBC9D87E9D0A1284

Function 0084E02C Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0abda9521acd8f8c4f1cf9329bab625bd6c6cbd31191cf9d92cb418bc3ae5ae
Instruction ID: 04ccbed7052800b8e618002d8ee921f5cfa8ac6f7bf5b83cbf3a42af56a60518
Opcode Fuzzy Hash: d0abda9521acd8f8c4f1cf9329bab625bd6c6cbd31191cf9d92cb418bc3ae5ae
Instruction Fuzzy Hash: 4BA1C4B3F112254BF3504979CC983626183EBD5311F2F8278CE589BBCAD87E6D4A5384

Function 008B212C Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3984ee76a0461bcb290592214939830666c64fe02c35a52af86aa2040e522b38
Instruction ID: 929b82e8b74fcb852d59ec65d51faf94b80846c18d0130369ce8c6f07e83ebae
Opcode Fuzzy Hash: 3984ee76a0461bcb290592214939830666c64fe02c35a52af86aa2040e522b38
Instruction Fuzzy Hash: 26A17CB3F112254BF3544D38CD583626683D795324F2F82788E59ABBCAE87E5C4A5384

Function 0082D38A Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eca6cef4eead06fb72de96caa530bc50d2f45f5fbd62bad5d8213efe242cc87
Instruction ID: 5062e9f18a95fdef2036997d9b8b9d9a07d532b924b12495d10375fbddb0cb12
Opcode Fuzzy Hash: 2eca6cef4eead06fb72de96caa530bc50d2f45f5fbd62bad5d8213efe242cc87
Instruction Fuzzy Hash: D4A17FF3F1122647F3544878CC983626683D7D5324F2F82388B59ABBCAE97E9D465384

Function 007C20CD Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 532ec690f445bdbfb6e06a1a2ac0b2dcb475fc063c35816735801a8444ba28e0
Instruction ID: 79c5dd66b895569191260f43ae19562f68f32e0ccc79daf2ce103effa84529ac
Opcode Fuzzy Hash: 532ec690f445bdbfb6e06a1a2ac0b2dcb475fc063c35816735801a8444ba28e0
Instruction Fuzzy Hash: 56A17CB7F1162507F3544939CD993A22583D7A5321F2F82388F99AB7CADC7E990A1384

Function 008401DA Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a2f79f660dfda1be990c0dc38b4450325533f5ac9a9f9deda572399887094bf
Instruction ID: 0803c6d2ba877c8405e0bc458af07fcc9dfea27ae088350bce6199032137a94f
Opcode Fuzzy Hash: 6a2f79f660dfda1be990c0dc38b4450325533f5ac9a9f9deda572399887094bf
Instruction Fuzzy Hash: 48A1AFB3F6122547F3544978CC983A26683D7D5320F2F82388F58ABBC6D97E5D4A5384

Function 0088F2E6 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 301d56e976a0f34f8f74fb0326645a761c2cc5e24111063717ad10e4225951ff
Instruction ID: 31dabf4916cfd4ec9651cd160a1e4d6aca1da16d10520888032064280ec6c175
Opcode Fuzzy Hash: 301d56e976a0f34f8f74fb0326645a761c2cc5e24111063717ad10e4225951ff
Instruction Fuzzy Hash: 0BA168B3F1162547F3584878CCA83626583A795320F2F82788F9EAB7C6DC7E5D4A5384

Function 00824223 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a1e5bf21a4cd89dc1bb225c45edbd92fdad698f577ff3ff20a8d0a028c9d39f
Instruction ID: b52508f3df227ed6b9be7dfd795b02d13c9008219fb5f6e4076c396a723b48d1
Opcode Fuzzy Hash: 5a1e5bf21a4cd89dc1bb225c45edbd92fdad698f577ff3ff20a8d0a028c9d39f
Instruction Fuzzy Hash: 35A19EB3F112254BF3544829DC6836266839BE5324F3F82788E9DAB7C6DC7E5C4A5384

Function 007BF287 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fdcb98bf9dc0844703dfe47fc40c38165c956ba3d4ba35d858ccadb60e5b987
Instruction ID: 0eca86acba5077c253019167a1ef2553ef71ddaf6e8bac071f857dda29bd3cb8
Opcode Fuzzy Hash: 4fdcb98bf9dc0844703dfe47fc40c38165c956ba3d4ba35d858ccadb60e5b987
Instruction Fuzzy Hash: 13A16BF3F2162547F3544929CC683A266439BE1324F2F82788E9C6B7C6DC7E9D4A5384

Function 0082F28D Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2176cde26784466788c103ecab5fdc57521e914ca1375649e995435d0050998c
Instruction ID: fe37063fe46ed1527c7d46ec40995d3e0174763a6d63671a9bc04baa4279c19a
Opcode Fuzzy Hash: 2176cde26784466788c103ecab5fdc57521e914ca1375649e995435d0050998c
Instruction Fuzzy Hash: 35A189B3F1122547F3540978CC583A266939BE5324F2F42388E4CABBC6D9BE9C4A5384

Function 0083319E Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b1bd1d4335e176d00a8a0cb5b19e85164c59bc653118b090dffaa22739a6d6
Instruction ID: 1dd1c4a73412f05411f50b07c1f7c2c8d9d44cc94e3c9a7d93eb926992343bd1
Opcode Fuzzy Hash: f0b1bd1d4335e176d00a8a0cb5b19e85164c59bc653118b090dffaa22739a6d6
Instruction Fuzzy Hash: D8A181B3F2122647F3544D69CC543627293EBD1321F2F82788E98AB7C5D93EAD4A5384

Function 0081B13C Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57f1e813b8e005127d6406d52f9066923d542aa911e148ca0d445c60b776e27
Instruction ID: 9e0105e60b6f912e0cba624b26e6a7561f0daf5ba060716223db5a612a24cb7a
Opcode Fuzzy Hash: d57f1e813b8e005127d6406d52f9066923d542aa911e148ca0d445c60b776e27
Instruction Fuzzy Hash: 0A916DB3F1122547F3584879CD683A265839BD5324F2F82388E6DABBC5D8BE5D4A1284

Function 008D41BE Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e5b305999418d6685612dfb737c2f4a04ddf965da88209948c86d1cbd3087b5
Instruction ID: bb90b0bf1473aa53a38abf32d3e04418cca45beefa934c40467b347a1a9052b6
Opcode Fuzzy Hash: 5e5b305999418d6685612dfb737c2f4a04ddf965da88209948c86d1cbd3087b5
Instruction Fuzzy Hash: 9EA19CB3F1112547F3644D39CC583A26683ABD5324F2F42788E8C6B7C6D97E6D4A5384

Function 007E0229 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb782d54dbc9728d0b12b433506a55d2df996dbbda5b53c2a8e8a5ed1d45412a
Instruction ID: a01dc61d9529d403e7e3d7bd3b5d624cc899e736e9b1ddbff9687501f928f5f6
Opcode Fuzzy Hash: fb782d54dbc9728d0b12b433506a55d2df996dbbda5b53c2a8e8a5ed1d45412a
Instruction Fuzzy Hash: 6F916AB7F1252647F3584928CC693726583DBE1325F2F827C8A59AB7C9DC7D9C0A1384

Function 007EA10E Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9517cdb0cd1c752ec346c5265907efa143de47aa5235aeb234f477d56791e82
Instruction ID: 14d212097763613dabd35af83bd664e9c4dcb97824b23ca9d7996988d1615eb5
Opcode Fuzzy Hash: b9517cdb0cd1c752ec346c5265907efa143de47aa5235aeb234f477d56791e82
Instruction Fuzzy Hash: A7A18AB3F102264BF3544A69CC983A17693DB95320F2F82788E496B7C6D97F6C496384

Function 008AF253 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea6ca2ad57a4b93822868041f88bc948e011aa47d57ee04e29569b87017a099
Instruction ID: cd2c3a0ea6288a1015f453f5d6de6aabf3d814e9bb45011f456b6ed497d07e50
Opcode Fuzzy Hash: 6ea6ca2ad57a4b93822868041f88bc948e011aa47d57ee04e29569b87017a099
Instruction Fuzzy Hash: 34916EF3F2162647F3544978CD883A26583D794324F2F82348F5CAB7CAE9BE9D465284

Function 00898252 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5bdd812a88179faf56840282e78aa77e99f34a4da3bca1e28260366d9ed3626
Instruction ID: 1062ac0ff44b7cf45a503e5dd3a26cae0b92e244e43b1b61051625d6ed07fc34
Opcode Fuzzy Hash: f5bdd812a88179faf56840282e78aa77e99f34a4da3bca1e28260366d9ed3626
Instruction Fuzzy Hash: C09199B7F2162507F3540839CC983A16583DBE5324F2F82788F98AB7C6DC7E9D4A5284

Function 007D0072 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c27e577364dab4ccb4e6ba5c74a3fa631506322414eeb0eb45d031bfede826
Instruction ID: 6806d1f0a5b71f6150e86294faaa8f83fe83a8c95a21a1173a32fb9b8ed3f57c
Opcode Fuzzy Hash: d2c27e577364dab4ccb4e6ba5c74a3fa631506322414eeb0eb45d031bfede826
Instruction Fuzzy Hash: F2918DB3F112254BF3544978CC583626683DBD5320F2F82788E5DABBCADC7E9D095284

Function 007C1107 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b70845d55350d55b1259147d524dd9e058641f763e437e7d5a22b3aef12fd31
Instruction ID: 985487a6fca1404f1994621f6ca1a2abba3d098aa0b50d9a858562b84647ac34
Opcode Fuzzy Hash: 4b70845d55350d55b1259147d524dd9e058641f763e437e7d5a22b3aef12fd31
Instruction Fuzzy Hash: 51A19AB3F1122547F3584938CC58361B283DBE5320F2F427C8E696B7DAE97E6D495284

Function 007DD07C Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aeac8789d0d494a8913ad6982eab704d3b1a9730e379aed15532d66ea6bc796
Instruction ID: d016581e956d402fa54a76f784a1c263c85c115077fc04a35dba81530cb4dd1c
Opcode Fuzzy Hash: 3aeac8789d0d494a8913ad6982eab704d3b1a9730e379aed15532d66ea6bc796
Instruction Fuzzy Hash: F5919CB3F4122647F3240D29DC983A176939BD5324F2F42788E8C6BBC6E97E5D4A5384

Function 007BC120 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da4da5de0af1a968624ec65c7945889e6f342090cb1b5bab5051b42c868d8a23
Instruction ID: 798e317e4140f867b606d77d3aabe2dfe1f5fd18e159d6aed3030c45d8deab11
Opcode Fuzzy Hash: da4da5de0af1a968624ec65c7945889e6f342090cb1b5bab5051b42c868d8a23
Instruction Fuzzy Hash: 41A1AEB3F202254BF3504A69CC983623693DBD5320F2F82788E48AB7C5D97E9D4A5384

Function 00902123 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d51edf756489630302f7b2d53b46a18eb17455e903a5c1826f4a5ce277c46d9
Instruction ID: 9a6aca549a2f198203fa4f91b808f6f13dc6e162055f9675e3b186d05aa6a68b
Opcode Fuzzy Hash: 2d51edf756489630302f7b2d53b46a18eb17455e903a5c1826f4a5ce277c46d9
Instruction Fuzzy Hash: 6E916BB3F1162547F3544879CD98362658397E5324F2F82398FADABBCADC7E8D061284

Function 007C90A0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 725918d8c91ca37ca0e64d486cb00d74491267f2ce3aaf4e4578c67343b1c9b5
Instruction ID: 6d6c0a8066bf9a0f078738375ac0f5ff0beb3e67b6e13532d13fd0d07156c93e
Opcode Fuzzy Hash: 725918d8c91ca37ca0e64d486cb00d74491267f2ce3aaf4e4578c67343b1c9b5
Instruction Fuzzy Hash: E2919CB3F112264BF3544928CC583A2B283DBD5321F2F82788E496B7CAE97E5D495384

Function 0083024E Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62e38ffe9801f2fe7fedf6b86d4ceca05a7e09be06922096c87ebfe71f91d242
Instruction ID: 3404a2ef08d4348ecc3a323e6be00df6158dbffdc700cb23159ebd5deb8af8a7
Opcode Fuzzy Hash: 62e38ffe9801f2fe7fedf6b86d4ceca05a7e09be06922096c87ebfe71f91d242
Instruction Fuzzy Hash: 39919EB3F115254BF3544879CC683626283EBE5324F2F82788E5CAB7C6D97E9C0A5384

Function 0084C223 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 192ba0a5b5cca60a1b983fcc85d3544c58553ab48ab1f0b0614eb9d3ff55247a
Instruction ID: 7d89fb04d7b4c948770a65e7eba88a64b4c63a2e334a1d02905868b02b2c296a
Opcode Fuzzy Hash: 192ba0a5b5cca60a1b983fcc85d3544c58553ab48ab1f0b0614eb9d3ff55247a
Instruction Fuzzy Hash: 9291A0B3F1262547F3544979CC983A266839BE5320F3F82788A9C5B7C6DCBE5C4A5384

Function 00881258 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae1e6f73234bb329b0f0e2cb3463352ce0765954bf57c66293d473718bfffba
Instruction ID: 9e74bc2f0c5f40e2bba80049d8232ecd0f8b6d317ce00abec514ea53c8a7f546
Opcode Fuzzy Hash: bae1e6f73234bb329b0f0e2cb3463352ce0765954bf57c66293d473718bfffba
Instruction Fuzzy Hash: BB916AB3F111254BF3548969CC543A2B2839BD5325F2F82788E8CAB7C5E97E9C4A53C4

Function 0088531B Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ea869624e2ea966bcdfa023667acf4d96ee72017c74d1cea46ee991efeeef1
Instruction ID: eb46e97f577eb5611baa3a249555d8e38ef6fc875899056270bda031a27f3397
Opcode Fuzzy Hash: b0ea869624e2ea966bcdfa023667acf4d96ee72017c74d1cea46ee991efeeef1
Instruction Fuzzy Hash: EF914AB3F1122547F3604929DC983627693DBD5320F2F81788E8C6B7C9E97E5D4A5384

Function 00848245 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f8d535146a6ee5c666df1f65564f29327fbbf70fec24ec38b4293c4b8a23f8c
Instruction ID: d0fd55b2a096913217dcbd8d3612d1da1ff3c016d7761b12fb0460043d3d4b92
Opcode Fuzzy Hash: 9f8d535146a6ee5c666df1f65564f29327fbbf70fec24ec38b4293c4b8a23f8c
Instruction Fuzzy Hash: 3F9189F3F5122547F3544938CCA83A1668397D5321F2F82788F6C6BBC6D87E5D0A5284

Function 0089B1B8 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3380ea64b9e66dcdea82067cd9f1e93058910cf0365aeda6f58a27f3d71aeaeb
Instruction ID: 4f09dacda1b7ff6fb30aeaf94b346b1ebe58bdcbce6bfd221a60579c9c7311f3
Opcode Fuzzy Hash: 3380ea64b9e66dcdea82067cd9f1e93058910cf0365aeda6f58a27f3d71aeaeb
Instruction Fuzzy Hash: 28919DB3F112164BF3544E68CC543723653EBD6321F2F81788A886B7C6D97E6C4AA384

Function 00864039 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c1208cdabb39dc86c0bacb2322c370b4f51df4eeca1296700107a55d009ae82
Instruction ID: b71170901957c431709c1e1426095c47c1541cb1a4adc18a3d7159a6a69c0b14
Opcode Fuzzy Hash: 7c1208cdabb39dc86c0bacb2322c370b4f51df4eeca1296700107a55d009ae82
Instruction Fuzzy Hash: 38918BF3F2122547F3544978CC583A26183D7D5325F2F82788E58AB7CAD8BE9D4A5384

Function 0090E2D6 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c351f17178ea864a56530d94cc83e9ec5bf45ba8ef23daeb5b90beced332e728
Instruction ID: f63d3b18c03548e8eb343e34d5bfb554deef78802a754d54d6eafa70cb1acf03
Opcode Fuzzy Hash: c351f17178ea864a56530d94cc83e9ec5bf45ba8ef23daeb5b90beced332e728
Instruction Fuzzy Hash: 0D918DB3F116254BF3444939CCA83616683EBE5320F2F82788E996B7C6DC7E5D4A5384

Function 007CF244 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12fb37952a544a1daaa9445373823c92af798d68656cd2ee4edb0ce6b47b664d
Instruction ID: a226ff1254ede4199c370c77da45dff36bbb3107847cdb3c41d5eb974e15a69e
Opcode Fuzzy Hash: 12fb37952a544a1daaa9445373823c92af798d68656cd2ee4edb0ce6b47b664d
Instruction Fuzzy Hash: 769179B3F1162647F3504D68CC983A17683EBA5314F2F81788F886B7CAD87EAD495384

Function 0084A248 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e10b88b458cfc2a534095dd691ef4bc053e61a35ee412a41c428b1eb7a5bce15
Instruction ID: b42e3006f10482ced735298cacde018691929b0a642e6d3a3250657e13e9f198
Opcode Fuzzy Hash: e10b88b458cfc2a534095dd691ef4bc053e61a35ee412a41c428b1eb7a5bce15
Instruction Fuzzy Hash: 7D9159B7F512250BF3584D69CCA83666683EBD1320F2F823C8E496B7C5E97E5D0A5384

Function 0087A27F Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b52957622b24b1c9ab074dc56aa8cfc65d78bde8cda5b91d8ba1d26baa8c8830
Instruction ID: b63942ad826139a76f5e8e026bb19dd7dedeeb36a6860b1fcb5773de1e258114
Opcode Fuzzy Hash: b52957622b24b1c9ab074dc56aa8cfc65d78bde8cda5b91d8ba1d26baa8c8830
Instruction Fuzzy Hash: DB918DB3F1112647F3644978CC6837266839BE5320F2F82788F5DABBC5D97E5C4A5284

Function 008D5303 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381a9cf3c025e0ab377a8034f4fa9968e015f7a4c54a7d13739048f43239271d
Instruction ID: 2c54b6f4d95d2d6846b67e23024cdfaa302b4fdf360bd5b15dd6efd7de4d6094
Opcode Fuzzy Hash: 381a9cf3c025e0ab377a8034f4fa9968e015f7a4c54a7d13739048f43239271d
Instruction Fuzzy Hash: C3918EB7F6162647F3904928CC583616243DBE1325F2F82788E9CAB7C6D87E9D4A5384

Function 008C732F Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d365cc0534f227b27788129ebc1683603121d0c85fafe630ee33219705f480a2
Instruction ID: 2e0eec66adece6e5d07b65d161f80bb915db6fa8692f63c1c92db9fd4c6a1c05
Opcode Fuzzy Hash: d365cc0534f227b27788129ebc1683603121d0c85fafe630ee33219705f480a2
Instruction Fuzzy Hash: 3C918BB3F1163547F3944978CC983A16292E7A5321F2F82788E8CAB7C6E97E5D0953C4

Function 00854162 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34fe2a8e11db387e56a0204b416fe26d4fd90a93792f43d971878bb3f98255da
Instruction ID: 7d2174b5c83a03e856106a4bd02cc398b20c1c5d62f0a24750966857ae0b5a41
Opcode Fuzzy Hash: 34fe2a8e11db387e56a0204b416fe26d4fd90a93792f43d971878bb3f98255da
Instruction Fuzzy Hash: 5691BDB3F5122547F3544939CC583A16683E7E5324F2F82788E99ABBCADC7E5C0A1384

Function 0081628B Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4a40bf8ae4b2f6268bff52cc99daaed770ba8f6d83e9aae18ec3de9e54eb6b
Instruction ID: 30e4bab23011a904454584263b9d54678b701d65f91670931fecb55ecefb4b45
Opcode Fuzzy Hash: bf4a40bf8ae4b2f6268bff52cc99daaed770ba8f6d83e9aae18ec3de9e54eb6b
Instruction Fuzzy Hash: 7191C0B3E112254BF3584D28CC583A17693EB91320F2F827C8E8CAB7C5E97E5D495384

Function 00820191 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf689294cb8ccca74f50b8fa0bd87ec4b3d08ac5054af1c2367f78c1943f69a
Instruction ID: 583e6c654c6e9e19466c8ca8f4c4760ca349cacbfa0af939859b18a9e7e57e51
Opcode Fuzzy Hash: acf689294cb8ccca74f50b8fa0bd87ec4b3d08ac5054af1c2367f78c1943f69a
Instruction Fuzzy Hash: 3C91BEB3F111254BF3504969CC54361B693ABD5320F2F82788E98ABBCADD7E6D0A53C4

Function 008F5232 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 186c98ab020997c8937598b39b7bec8e7258ebcf9287b774b9c9862084f4473f
Instruction ID: cb23bd13b614db20db3a747ac7e2134f628cd50796c4c497a699f9ca75c0064f
Opcode Fuzzy Hash: 186c98ab020997c8937598b39b7bec8e7258ebcf9287b774b9c9862084f4473f
Instruction Fuzzy Hash: F7916AB3F112254BF3504969CC883A17693DBD5320F2F82788E9C6B7C6D97E6D496384

Function 008DB1E6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbbe3bac0cf02535372688e2e083cb092dc3c50465010be8a780aef27896e3d9
Instruction ID: 7de3af9b65ec3be2feef98299db50762a3154f9faeda0d272a05675f2e82d99c
Opcode Fuzzy Hash: bbbe3bac0cf02535372688e2e083cb092dc3c50465010be8a780aef27896e3d9
Instruction Fuzzy Hash: 41919FF3F125264BF3544938DC943616683EBE4324F2F82388A58ABBC6D97E5D4A5384

Function 0080E10F Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61f34a630320629548891ddb47f3254894aec8b1c2d945ee9144b48a50ef4be
Instruction ID: 42c86b87fc9d99b281ad27c4d43d3a29a34db17174491297093ff12cfcbdd810
Opcode Fuzzy Hash: b61f34a630320629548891ddb47f3254894aec8b1c2d945ee9144b48a50ef4be
Instruction Fuzzy Hash: 1991AFB3F112294BF3544D29CC983A17693ABD5320F2F82788E9C9B7C6D97E5D495380

Function 007BD205 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ceba013b939b8811f3852bf21230844e33c5753edf59be437ff432e3c062c4
Instruction ID: b87e03e13b19c8404b08064d6a29977d3210b36b4fcf7824aefe58c5bbcb5bcd
Opcode Fuzzy Hash: 65ceba013b939b8811f3852bf21230844e33c5753edf59be437ff432e3c062c4
Instruction Fuzzy Hash: E491BEB3F1122647F3548829CC5836266839BD5310F2F82788E4CABBCADD7E5D0A53C4

Function 0090632D Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38b8e8179c938b031e0e706d299a6ad93556035870abc3e8cf71fb64bb50047d
Instruction ID: 2b06ae0a1d1e7c33f2133f2aab81726df4a92db4b693a3b2744cf86502369711
Opcode Fuzzy Hash: 38b8e8179c938b031e0e706d299a6ad93556035870abc3e8cf71fb64bb50047d
Instruction Fuzzy Hash: B091BDB3F5162547F3444938CC983A26683EBD5324F2F82788A5D9B7C6DC7E9D0A5384

Function 008E61C1 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be2383c02456c5169846f16f49cf854fd562bd469d96d99e6e34e9be91e7835f
Instruction ID: d9833f5c7567aa0f6ca5b6b97d50f7bacef4dbc4921d8b88e8a5bbf990336ef8
Opcode Fuzzy Hash: be2383c02456c5169846f16f49cf854fd562bd469d96d99e6e34e9be91e7835f
Instruction Fuzzy Hash: 9C918CB3F2122547F3504D29CC883627693EBD5324F2F81788E986B7CAD97E6D4A5384

Function 0085C247 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66ec023b8b5bbb2921a77a27f645363c0522b40d96cf027b336857f6c87bee2d
Instruction ID: 13df995da0466097066f98d4171e828b45e5bc6cc47e9983a14e0311c38d9fca
Opcode Fuzzy Hash: 66ec023b8b5bbb2921a77a27f645363c0522b40d96cf027b336857f6c87bee2d
Instruction Fuzzy Hash: E2918CB3F506254BF3644D69CC983A1B282EBA5324F2F41788E4C6B7C2D97E6D0993C4

Function 0089534D Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d058901b8ca214ad7a8b06d8b0aec5fad4e05c8eef00583a10cd28bb63f22bf9
Instruction ID: a342b2eae8b77f77a60ec5492e7f7675805f8cb15c6e70d18357198c6c262898
Opcode Fuzzy Hash: d058901b8ca214ad7a8b06d8b0aec5fad4e05c8eef00583a10cd28bb63f22bf9
Instruction Fuzzy Hash: 44816FB3F6122647F3544879CD983626583DBD5320F2F82788F58ABBC9DC7E9D0A5284

Function 007B63B5 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f695ac055bc678bc71155fe7607f45e977ddd723c81fa23d2a7af5ddb09bc5
Instruction ID: 233bf195a65598ffb744874be44e3f0ef021188d181d1de0afd7f25f71f3fe6d
Opcode Fuzzy Hash: b6f695ac055bc678bc71155fe7607f45e977ddd723c81fa23d2a7af5ddb09bc5
Instruction Fuzzy Hash: F5815EB3F112264BF3544978CC583617693EBA1311F2F82788E89ABBC9D97E5D0A5384

Function 007C42DC Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fc3c4f6789fcee6af6ea22e07f9189c01879624aa2ce0f68369165fbf9d4512
Instruction ID: fbc2d4f7dfce16564d00ccffde1f483f5aa221e0eaaff15fdcd7d9e70bc43db9
Opcode Fuzzy Hash: 8fc3c4f6789fcee6af6ea22e07f9189c01879624aa2ce0f68369165fbf9d4512
Instruction Fuzzy Hash: 419169B3F112264BF3104E68CC943617793DB95324F2F42788E586B7C6E97EAD499388

Function 0085B136 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b163547a81f79f036aec15b45c2edb7309ab5f11a418ed292476eb8a64acec4
Instruction ID: 0c4121750e5378527ff5d6317fda910d64811e5e837c60e21c03c560b766ad08
Opcode Fuzzy Hash: 7b163547a81f79f036aec15b45c2edb7309ab5f11a418ed292476eb8a64acec4
Instruction Fuzzy Hash: 2291ACB3F112264BF3544D28CC583617653EBD1325F2F82788E886B7CAD93E6D4A9384

Function 008960E2 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b6ed6777f9a496ea2f8eac9b849d4355265b0cc191bcf4791b248b564e674d
Instruction ID: b04d15c3f73b76e87d1b858b2aecafdc2cfd68a1f4da0f19aa3c959d4754254c
Opcode Fuzzy Hash: 45b6ed6777f9a496ea2f8eac9b849d4355265b0cc191bcf4791b248b564e674d
Instruction Fuzzy Hash: 57819CB3F112264BF3544AA4CCA83B27243DBD5314F2F81788E586B7C2D97E6D59A384

Function 008CB2BD Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff5bdcd8a7e9619ab3a521472db9d186c92feb225634c9e797ffe75e4145c61
Instruction ID: e088f16c628812223760a2eb3322ff774c2eff50c8ef512f9cf67afc501e25c7
Opcode Fuzzy Hash: 6ff5bdcd8a7e9619ab3a521472db9d186c92feb225634c9e797ffe75e4145c61
Instruction Fuzzy Hash: 29918DF7E2152547F3444939CC283A22682D7A5320F2F82788E9DAB7D5DD7E9D0A53C4

Function 0090D0E3 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef8109fa4a40efb8badc3e5ff65858c117383f49bb23b80556f3a8fb44d95c92
Instruction ID: 767794bddbaf9e08a7e4161f0cc50f914b70163ea335f1a19c3c2f63dc4c1b2f
Opcode Fuzzy Hash: ef8109fa4a40efb8badc3e5ff65858c117383f49bb23b80556f3a8fb44d95c92
Instruction Fuzzy Hash: 4091ACB3F5122547F3540D78CCA83A13682EB95320F2F82788E996BBC6DC7E5D0A5384

Function 008762BF Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2765dd1cd305a52bef60236e800093482d8d971df303125775868be2d4bd835
Instruction ID: 8ded9a095e5ff6e5f00c76c71f93cea8c483ae8a325d17b25e651ec0a3ba17d9
Opcode Fuzzy Hash: a2765dd1cd305a52bef60236e800093482d8d971df303125775868be2d4bd835
Instruction Fuzzy Hash: D78159F7F6162607F3484878DC59362658397E1325F2F82388F59AB7CADC7E9C061288

Function 0083628B Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708f5f1f14b5d80f7a2e7a3490cbc80a4e2880b5fc00eb5c394a6f7d2795af78
Instruction ID: 39bbbf5e91c76759ff6b830a5d89971e54a4e1671ca3071f941d98d1839ca3a8
Opcode Fuzzy Hash: 708f5f1f14b5d80f7a2e7a3490cbc80a4e2880b5fc00eb5c394a6f7d2795af78
Instruction Fuzzy Hash: D7819BB7F116214BF3544D68CC983622683D795324F2F82788E5D6BBCADD7E6C0A5384

Function 0082C34E Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5958ae6421e0142f0e2ea554caa10e721d47edb96f5007e8cc32e1b4741f4e
Instruction ID: c3bd5719ebff161bb50b7a1fb70ebf58f65cb1001a681859b7197462783aae08
Opcode Fuzzy Hash: db5958ae6421e0142f0e2ea554caa10e721d47edb96f5007e8cc32e1b4741f4e
Instruction Fuzzy Hash: 72816CB3F1122647F3544938CC983617692ABD5324F3F82388E9C6BBC6D97E5D4A5384

Function 008FF0F0 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35602b3cf9f5c9b68fe36a3759574f38e105d475dfea8462b6b96a4f423f456
Instruction ID: 445bf9fba4ae9422c270106c5f0dcc5130118d102c4c43f720054c74783a1757
Opcode Fuzzy Hash: c35602b3cf9f5c9b68fe36a3759574f38e105d475dfea8462b6b96a4f423f456
Instruction Fuzzy Hash: CE819AB3F2222547F3544D39CC583612283ABE5321F2F82788E986B7C6DC7E6D4A5384

Function 007E224E Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295b2129e89bd6c5cdb946ed3c8d1c57f4e9f97b507e78bcd0996b44d78e5819
Instruction ID: dd9f93f60383d43485f462830cfd988a4a1417656c43286dab5ee3a8a147ce16
Opcode Fuzzy Hash: 295b2129e89bd6c5cdb946ed3c8d1c57f4e9f97b507e78bcd0996b44d78e5819
Instruction Fuzzy Hash: 248190B3F002258BF3544E29CCA43A17393EB95310F2F81788A896B7C6D97E6D469784

Function 0083804A Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71a4e881a2e24da537d7e33207e3b9d7130b3b31610a9722905ef9a53193e6f
Instruction ID: 09c709f9597dd28daac90e2fa70e8a6268402e39c020c0ba96a2b13adf15d592
Opcode Fuzzy Hash: e71a4e881a2e24da537d7e33207e3b9d7130b3b31610a9722905ef9a53193e6f
Instruction Fuzzy Hash: 3B81DCB3F112254BF3540D39CC983A16643EB96321F2F82788E986BBC5DD7E5D096384

Function 00879069 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a5b4670e327e018f2167f19118c415d36333c1c27db446048d1ccc3d7884546
Instruction ID: 38a2dd209391b72cd66a865971d8d4c2b01f34596c76aa260df99c0baa250bab
Opcode Fuzzy Hash: 8a5b4670e327e018f2167f19118c415d36333c1c27db446048d1ccc3d7884546
Instruction Fuzzy Hash: DC81AFB3F112254BF3544E68CC983B13292EB95310F2F8178CE895B7C6D97EAD49A384

Function 009102F1 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6060fca3f936612e1d93d306f974ca68769142d68ea5eb7939d30417dbc60ba4
Instruction ID: 564b84d819685bdc16fc8076b2bbb91a3b160d07cb4fa20d013a9959808081c5
Opcode Fuzzy Hash: 6060fca3f936612e1d93d306f974ca68769142d68ea5eb7939d30417dbc60ba4
Instruction Fuzzy Hash: 0A8129B3F1212647F3604A28DC543A17293ABD5321F3F41788E8C6B7C6E93E6D49A784

Function 0089D052 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cd8ce214445c2e4871663894de71c2ff9b14987e1c308dd11ed95442d5472cd
Instruction ID: 3b8877ad9a0b5629c19ad047cd7e9064229f63286f07d2d03abbda47a52f2644
Opcode Fuzzy Hash: 3cd8ce214445c2e4871663894de71c2ff9b14987e1c308dd11ed95442d5472cd
Instruction Fuzzy Hash: 2381ADB3F1022547F7584E28CCA43A17293EBA5320F2F427C8E99AB7C6E97E5D455384

Function 008442D8 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12825f051a533187458a3f16665dd1ef8cac48c8afcd6b2bde8377c759f129b
Instruction ID: 51463c034cb391c7544e8ab10854288a32c6e80d9d5b8cd145a08e4f5af0ea62
Opcode Fuzzy Hash: c12825f051a533187458a3f16665dd1ef8cac48c8afcd6b2bde8377c759f129b
Instruction Fuzzy Hash: 15817DB3F6162647F3944978CC583616283DBD5324F2F82788E9CAB7C6D93E9D095384

Function 008D818D Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a0d079d65ac82be9003fb1482eda27f03da61937dd7d8feb57ae9604d444e20
Instruction ID: b460ccf8e82b9cb3a4217754f442a7e1b5a01c4869f8775673a508ddc6331c4d
Opcode Fuzzy Hash: 6a0d079d65ac82be9003fb1482eda27f03da61937dd7d8feb57ae9604d444e20
Instruction Fuzzy Hash: E781A1F3F512254BF3544D78DC983A17682EB95310F2F82388E89ABBC6D97E9D095384

Function 008E73AC Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b1e1f4e669b47916bd0ea4ed095c0591ec52f143476dbd53343af1eeafa66d
Instruction ID: 9e80de8502f7e7371c4014da9c243227610b57282e6ef21805fabba968fb2b96
Opcode Fuzzy Hash: 06b1e1f4e669b47916bd0ea4ed095c0591ec52f143476dbd53343af1eeafa66d
Instruction Fuzzy Hash: 9281ABF7E1122607F3544868CC583626283DBA0325F2F82788E8C6BBC9ED7E5D465384

Function 007E7339 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff47cfe23c942f93bdf5d8f5539cc70cc4cc2071a5faeac1f0f8711eb8aaf0da
Instruction ID: f5859a441593fe0a54377499c91b0efc4c15cea2a0a4eeb6322f638609694c20
Opcode Fuzzy Hash: ff47cfe23c942f93bdf5d8f5539cc70cc4cc2071a5faeac1f0f8711eb8aaf0da
Instruction Fuzzy Hash: 6C818EB3F112254BF3448939CD993623683DBD5310F2F82788A4CABBDAD87D9D0A5384

Function 007B63E1 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda6a602148b2eba2ef0d46ef48464a3c24d5c80f9a613f93d2f3c219dbf6716
Instruction ID: 3841b7c58e0ca028b7d7f6c42a435962befd86e8000faa2ed39b532babf25543
Opcode Fuzzy Hash: cda6a602148b2eba2ef0d46ef48464a3c24d5c80f9a613f93d2f3c219dbf6716
Instruction Fuzzy Hash: 5C815EB3F212254BF3544968CC583617653E7A1311F2F82788E8DABBC9D97E5D0A53C4

Function 0085926F Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f776049076cd4f1900fb62a005f769c221f51c0f2517ef613fe52c9dae289152
Instruction ID: fdc318c49397565fd85715d518a5f65f51c366f32b6dbca6943dd03c7f1206f6
Opcode Fuzzy Hash: f776049076cd4f1900fb62a005f769c221f51c0f2517ef613fe52c9dae289152
Instruction Fuzzy Hash: A8819AF3F1152647F3544868CC493A2A24397D1321F2F82788E1CABBC5EC7E9D4A5384

Function 00875311 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a05e7b710ad48149ad85ba11b6f2e600482178468d893dba5e9e0571f79f7a8b
Instruction ID: a2c8149845d5a62de9931d9444d80af6b4d37748f4832f57cfa075b985b94b5e
Opcode Fuzzy Hash: a05e7b710ad48149ad85ba11b6f2e600482178468d893dba5e9e0571f79f7a8b
Instruction Fuzzy Hash: AB8159B3F2112647F3A44D29CC583A17693ABE1310F2F82788E8DAB7C5D97E6D495384

Function 008490B3 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6d1265f70a8b99aa4766215b7277c00dc5b528af485f76e8cb616c45eb5c49
Instruction ID: f126cfc6beda6ffe7c9ae6cdd3b46514c5692095be2bfebba912ebd85c3fa69c
Opcode Fuzzy Hash: 8f6d1265f70a8b99aa4766215b7277c00dc5b528af485f76e8cb616c45eb5c49
Instruction Fuzzy Hash: 9381C0B3F1122647F3544A69CC943A27283DBD5320F3F82788A58AB7C6DE7E5D0A5384

Function 007E417B Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8498289c72b30cdec5d7a9b54a000290e68f1f3df16d51dd6b4d3008774af8ce
Instruction ID: 6fe1aab2a76ca32b982eb3a1d7476b5c059674728b8c0f9dfc383d8186ac799d
Opcode Fuzzy Hash: 8498289c72b30cdec5d7a9b54a000290e68f1f3df16d51dd6b4d3008774af8ce
Instruction Fuzzy Hash: 57818FB7F113264BF3544D68CC983627692DB99310F2F82788E8CAB7C6D97E9D095384

Function 008B70E4 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f67ca76d1a69359a0924cabf406cb8d7a8b7239f1764fabee034c1a26b65b76
Instruction ID: 305cc6aa6f30e939e5efcca18f8babb444a8ead3c5291b2c5716437def1606eb
Opcode Fuzzy Hash: 1f67ca76d1a69359a0924cabf406cb8d7a8b7239f1764fabee034c1a26b65b76
Instruction Fuzzy Hash: D78160A7F1122607F3944979CD583626683DBD5321F2F81788E8CAB7CADC7E9C065384

Function 008461BB Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f7cae67599775aef41810ef162826f39904bff91e2b9bfaf7beb18df3bb761a
Instruction ID: 107d2fbc8be008ce6df600200e97e94ea12146f6e88d40599128f4addd5ae783
Opcode Fuzzy Hash: 8f7cae67599775aef41810ef162826f39904bff91e2b9bfaf7beb18df3bb761a
Instruction Fuzzy Hash: 5681F0B3F1122547F7544D68CC983A17683EBD5320F2F81788E886B7CAD9BE6D095384

Function 00805243 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a81782451649357c9bfcd0383103d4d6b3e194e89c382c31951ac2688226a5
Instruction ID: bca4c6e0a750ffa61686a0a7b328f7373c18aae2895d5cf3615a70cda72d233d
Opcode Fuzzy Hash: 89a81782451649357c9bfcd0383103d4d6b3e194e89c382c31951ac2688226a5
Instruction Fuzzy Hash: CF814AB3E1152647F3544A28CC983A17653ABD5320F3F41788D8CAB7C2DA7EAD1A67C4

Function 0088D242 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b6bade15a1dbb30fb57b8c05f10b6361df7649a70c70bc1edb34124593403b
Instruction ID: ab91497134fc183f71f8222e70c6a56cea8ec2a38eaf5269da099c845318b4a4
Opcode Fuzzy Hash: 71b6bade15a1dbb30fb57b8c05f10b6361df7649a70c70bc1edb34124593403b
Instruction Fuzzy Hash: 7D818EB3F1122547F3544D29CCA83A16283DBD5320F2F82788E99AB7C6DD7E9D4A5380

Function 007D70B1 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a89280a5f1f102da75442b82cc255ce162450074c4947e78a4db6d76e10618e0
Instruction ID: eea082424c9ca6979e7a948213ca1c552e7e4a294aecaac35f45b6160d82f672
Opcode Fuzzy Hash: a89280a5f1f102da75442b82cc255ce162450074c4947e78a4db6d76e10618e0
Instruction Fuzzy Hash: 6A81ABB3F111254BF3144E29CC583A27693DBC5721F2F82788E499B7C6D97EAC49A384

Function 00890321 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 188413dd7b65b081f55ec7d8898477047cfc5343c0db14b5748a9cf1d359100b
Instruction ID: c9bfc899ef14535ed0b7a290f983750eb03af7e9c330634250727e0cd067129c
Opcode Fuzzy Hash: 188413dd7b65b081f55ec7d8898477047cfc5343c0db14b5748a9cf1d359100b
Instruction Fuzzy Hash: E48158B7F1122647F3584978CCA83B26143DBD1324F2F82788E996BBC9D87E5D4A5284

Function 008F4172 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc6e8e9fa210be97bb1dbfd6bf4c32b44dc6dbfc5bb8a58beade35f7befa3ec
Instruction ID: 3ac25c1caa434a03806b51715fbbfbd5a362278161b846309175c0583bc7b0f0
Opcode Fuzzy Hash: 8bc6e8e9fa210be97bb1dbfd6bf4c32b44dc6dbfc5bb8a58beade35f7befa3ec
Instruction Fuzzy Hash: E0818CB3F112254BF3144D29CC943627693EBD5325F2F81788B886B7C9E97E6D069384

Function 0084B319 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85164939d34c7ded01755c0ff021712abee0b69a49e2583c1b1491bdaf87ca0
Instruction ID: 0987dc8a852ad1fd62d0d00cc4947b04d0739e45dc8e05f7adf57a441174e9eb
Opcode Fuzzy Hash: c85164939d34c7ded01755c0ff021712abee0b69a49e2583c1b1491bdaf87ca0
Instruction Fuzzy Hash: EF817AF3F2162547F3548928CC983617683EBD4325F2F82788B886BBCADD7E5D065284

Function 007EB2C5 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77ff796b7a3a752b753e423d3a2bd4f9bd8e8772c265b5069ba0edaf55c1a71
Instruction ID: 607036c3db86f85f8b2965eebd0f53199a56d0f6eae969dde9d7f1b77b734ed4
Opcode Fuzzy Hash: b77ff796b7a3a752b753e423d3a2bd4f9bd8e8772c265b5069ba0edaf55c1a71
Instruction Fuzzy Hash: 41819EB3E1112647F3644D29CC983A1B642EBA5320F2F82788E9C6B7C6D97E6D4953C4

Function 0082A173 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39db86d3e5e46ca37d4f6b4917bd0627a1aa94db1717b8e083bf1e1c27453e78
Instruction ID: 6818565de17eaaa72525a702b9216c0f24fa18d0237632ac56884d5cc8783041
Opcode Fuzzy Hash: 39db86d3e5e46ca37d4f6b4917bd0627a1aa94db1717b8e083bf1e1c27453e78
Instruction Fuzzy Hash: 91819CB3F112254BF3544978CC983A17692DB95324F2F42788E9C6B7C2D9BE6D096384

Function 008E13AE Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0497316931361c26d234e8e155ede0b4d8f3f84c1a7e59ae715d4f61e751c0b8
Instruction ID: f20e07cb57a33748f017ab15b2d56a88688c96f608467606aabdbd9a7737a0dc
Opcode Fuzzy Hash: 0497316931361c26d234e8e155ede0b4d8f3f84c1a7e59ae715d4f61e751c0b8
Instruction Fuzzy Hash: 98819AB3F112254BF3548E28CC983A17293EBD5320F2F82788E986B7C6D97E6D555384

Function 008CD14D Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e184aa227624a44af6e04f3d9515ad1fe998ad8203035004c7662d0045ce8e
Instruction ID: 7040971340cb8e280af7aefc86939112e019c8e082209dac8b760d7ae275179e
Opcode Fuzzy Hash: b7e184aa227624a44af6e04f3d9515ad1fe998ad8203035004c7662d0045ce8e
Instruction Fuzzy Hash: 2B81A2B3F502254BF3544878CD983622583DBD5324F2F42788F5CABBCAD8BE6D0A5284

Function 0084127E Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabc1e4d61d330e66bc839ba9f2b11127dbc0becd1d57649d4855e31aaf9486d
Instruction ID: ec14d2097eba98db5a580abbceb08e31c36672cb25c19c95f501ac372be2fc1a
Opcode Fuzzy Hash: cabc1e4d61d330e66bc839ba9f2b11127dbc0becd1d57649d4855e31aaf9486d
Instruction Fuzzy Hash: 7C818AB3F116254BF3584928CC683A27253DBD5324F2F817C8A896B3C6DD7E6D0A5384

Function 008C526F Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e273890394922453fb7b91052b4d4f5147b922eebe32c2dd06f026673ba5b35a
Instruction ID: 21855860590cab61c1b704b553eadf58ae19ca1bbde09f74c21515b1ab3ed6a5
Opcode Fuzzy Hash: e273890394922453fb7b91052b4d4f5147b922eebe32c2dd06f026673ba5b35a
Instruction Fuzzy Hash: AD717CB7F5122647F3544969CC483A27683EBD5320F3F81388E58AB7C5D97EAD0A5384

Function 0085831B Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddc801594756eb60c63fb7a67725199dc45a0b3d378e4878b07b5455b7e91501
Instruction ID: abf82bbe188fbb24806d493f20c869d3d87b7fea81468f71ed0dcc36122d657a
Opcode Fuzzy Hash: ddc801594756eb60c63fb7a67725199dc45a0b3d378e4878b07b5455b7e91501
Instruction Fuzzy Hash: 64817BF7F1162643F3584938DC683626243EBE5324F2F82788A996B7C6DD3E9D095384

Function 00868332 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd31f155d53f21ac2ebd0e1d13bb731d029f99fd2f3cb3310193470ca32f69bf
Instruction ID: 85340b4118ef70a885ddd39570a4e5f480a091220ead6062c721fb6665e18b68
Opcode Fuzzy Hash: bd31f155d53f21ac2ebd0e1d13bb731d029f99fd2f3cb3310193470ca32f69bf
Instruction Fuzzy Hash: A3818EB3F116264BF3500D29CC983A27643DBE5311F2F82788E486BBC6D87E5D0A6384

Function 008BB01C Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad98432aa5a852b62e9d4faeee69824f4b0f01810021879f9f7edaa90c5f2842
Instruction ID: d2ecf9e206cf9d07af99540db9710654ed520da484d6765887b5270fc47a65bc
Opcode Fuzzy Hash: ad98432aa5a852b62e9d4faeee69824f4b0f01810021879f9f7edaa90c5f2842
Instruction Fuzzy Hash: 50716BB3F112254BF3944968CC5836276839BE5325F2F82788E8C6B7C6D97E5D0953C8

Function 008AC09B Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19088227cedc362c33756963346df40e839f3435bf18fb62bd1d1dfb2e342e8f
Instruction ID: d5cb5945f15d8f88ab0d640038ae3c2cc5476b58fce4f38a5c66abc96813205a
Opcode Fuzzy Hash: 19088227cedc362c33756963346df40e839f3435bf18fb62bd1d1dfb2e342e8f
Instruction Fuzzy Hash: BF71A1B3F5062647F3544979CC583616683EBE5324F2F82388E5CAB7C6E8BE5C4A5384

Function 0080B296 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6162155075e0694f0f2f4ba52d121e0854a57b9502a6e6027b96307ae04ac6d7
Instruction ID: 5d71cc3a4825098b789e827469e1b2d4a144c5e1c5928c938cdf6a8af643c4b4
Opcode Fuzzy Hash: 6162155075e0694f0f2f4ba52d121e0854a57b9502a6e6027b96307ae04ac6d7
Instruction Fuzzy Hash: C57167B3F1122547F3944979CD58362B693ABE1314F2F82388E8C6B7C9E97E5D0A5384

Function 008252E4 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99155286691f3be7e17957fd6540bd08abad2a722db386ae457429c989327741
Instruction ID: 4e218e46419a9dcfcd23810e4219846141c3da4b302cea8fefafd996945b11e4
Opcode Fuzzy Hash: 99155286691f3be7e17957fd6540bd08abad2a722db386ae457429c989327741
Instruction Fuzzy Hash: E9719BF3F502254BF3540979DD983626683DB91314F2F82388F98AB7C5E9BE9C0A1384

Function 008AD1A8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292fb267e7ce62b26d20c1449ab630c64ef030d68d908f20e0deebd6dd70d0e3
Instruction ID: 292e9c485220af81a8b6400a761fee591029ec086a1adf0eb114122938d1c21d
Opcode Fuzzy Hash: 292fb267e7ce62b26d20c1449ab630c64ef030d68d908f20e0deebd6dd70d0e3
Instruction Fuzzy Hash: B271AFB3F0122547F3144E29CCA43617292DB96325F2F82788E596BBCAD97E5C4A5384

Function 008923C8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21366a91ca846b30ccba390bd3d494ac84ab69b823b4f4e755f7da95d3dc0f86
Instruction ID: 6265d4a2a82e0ef8bbdcd95bf53174c9215e6b11b29f0a27eed0232a1272e5fb
Opcode Fuzzy Hash: 21366a91ca846b30ccba390bd3d494ac84ab69b823b4f4e755f7da95d3dc0f86
Instruction Fuzzy Hash: 97717CB3F116254BF3544D28CC583617282EB91324F2F82788F9CAB7C6D93EAD055388

Function 007E83C8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 291a1813042201c3d74f06aedbeb6cb5c2583105e77cc65cce4358556c30eca6
Instruction ID: 144295f3f308d29b704efb4d34fd62a22b810536ccf8a99197c42c0c87634748
Opcode Fuzzy Hash: 291a1813042201c3d74f06aedbeb6cb5c2583105e77cc65cce4358556c30eca6
Instruction Fuzzy Hash: 2D718AB7F012260BF3500969DC983617643DBE5314F2F82388E986B7CAE97E6D0A5384

Function 007D4398 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c7e7cef6ea2a7fef6426630733f03b07c2726ac470d60adc523ad2e073194ad
Instruction ID: feb94d87608be40873813702832c0d5bed504dbdadef98fe29a4009b2b79424f
Opcode Fuzzy Hash: 9c7e7cef6ea2a7fef6426630733f03b07c2726ac470d60adc523ad2e073194ad
Instruction Fuzzy Hash: 3A7179B3F5062647F3548E29CC983B17283DB95310F2F827C8E886B3D6D97E6D496284

Function 0084F2A9 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfb48fe2dd2d2435161d5666d6068569c1d5c48080077ba0046f64f026a2de62
Instruction ID: 522e1065f5320ca5b9643b882e3e6b4e539c16532009cb529fe94b4d9eb17147
Opcode Fuzzy Hash: bfb48fe2dd2d2435161d5666d6068569c1d5c48080077ba0046f64f026a2de62
Instruction Fuzzy Hash: EB7183B3E116354BF36049A8CC58361B292EBA5320F2F82788E5C7B7C6D97E6D0953C4

Function 007E9026 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b7651f3a6a2b2a571243f63c878f28f27c9588edec7fe9daa89f72c5a78a35a
Instruction ID: 139b1ee76c1d9a0d131b54ff2288362ce95b1990ab59a441c2c77a9d02912940
Opcode Fuzzy Hash: 9b7651f3a6a2b2a571243f63c878f28f27c9588edec7fe9daa89f72c5a78a35a
Instruction Fuzzy Hash: A2719EB3F5122647F3944969CC983627683DBE5310F2F81388E995B7C6DD7E9C0A6384

Function 007F82C7 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8660b655cc9aa9c06f731b709a354bbb90f43650593315e7480ccc0f62e5654
Instruction ID: ad8915fae915528e088928f91a18046c6692d24607aea5c3bb47e1c507f80f9e
Opcode Fuzzy Hash: f8660b655cc9aa9c06f731b709a354bbb90f43650593315e7480ccc0f62e5654
Instruction Fuzzy Hash: 48719DB3F1112547F3644E28CC58372B283EBD5311F2F86788E996BBC9D93E6C056284

Function 008D11F6 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a0a4c055fcc3dc92fd17dfe7f8213c9ce6295eb3767b3fbceed57959716d18
Instruction ID: e77a873829454fe62b893f84289995baf19858e6a016ada5ee532ec8a50f92c5
Opcode Fuzzy Hash: 42a0a4c055fcc3dc92fd17dfe7f8213c9ce6295eb3767b3fbceed57959716d18
Instruction Fuzzy Hash: 3A71BFB3F2212147F3944924CC583627283E7D1315F2F82388E98ABBCADD7E5D0A5384

Function 008A8109 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e385bcf57168018b0964ec3ff64be6426c451790caa0222aed75b19fc33363
Instruction ID: 718d280c1106cee5b535f430e008516ec5a43e8cc77ddb30ef9ab656bc5ef7b0
Opcode Fuzzy Hash: 51e385bcf57168018b0964ec3ff64be6426c451790caa0222aed75b19fc33363
Instruction Fuzzy Hash: 75716EB3F1122547F3544968CC883626683D7E5324F2F82788E68ABBC6D97E9C0A5384

Function 008BF2E1 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a61bc3a5f2814c4d8e78230d85d97eb2c52cda99cc737fdc9a092966e53f83a
Instruction ID: 1d3dad953bc322ea274b511b9e8b126920c58e6d7998f78a0f6a102740fb2158
Opcode Fuzzy Hash: 6a61bc3a5f2814c4d8e78230d85d97eb2c52cda99cc737fdc9a092966e53f83a
Instruction Fuzzy Hash: 8261A1B3F1162647F3504968CC543A27283DBD5324F2F82748E58ABBCAD9BE9D4A53C4

Function 0081D262 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aca4dabdf3925e4d6cb53ae9e13c0efff4f3f886d397d1849fadd17ce246f408
Instruction ID: 082c93f1f51cdf3e23b7f745b0138466974a2abf22551c99c29af36d9514d9ac
Opcode Fuzzy Hash: aca4dabdf3925e4d6cb53ae9e13c0efff4f3f886d397d1849fadd17ce246f408
Instruction Fuzzy Hash: 40718DB3F112254BF3544D78CD993627642EBA5300F2F81788F88AB7C9D97DAD095384

Function 008EF2C2 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ed9ee3ff55d9cfddaa8592dd637362d12733c3d36ac75398d7c1b6daa161d3
Instruction ID: 1ed44c4f7a252e7f62a053acd42c6a9faaf52e9ea708fdde909b0c753c645ed2
Opcode Fuzzy Hash: 94ed9ee3ff55d9cfddaa8592dd637362d12733c3d36ac75398d7c1b6daa161d3
Instruction Fuzzy Hash: 5F717BB3F116254BF3540D28CCA83A17682EB95314F2F817C8E895B3C6D9BF5D495384

Function 007BA341 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f897a0e51bac0fe5eb1f29f7e08d036f08f15eaf4f340bf6118a8837a5f5ff29
Instruction ID: 0efe986f4a67a7b1a6d3d3320a5cfcc757a9ec06e39c6f44626ff338e2621af3
Opcode Fuzzy Hash: f897a0e51bac0fe5eb1f29f7e08d036f08f15eaf4f340bf6118a8837a5f5ff29
Instruction Fuzzy Hash: BA71BFB7F2062507F3544968CC983B27242EBD5324F2F82788E9C6B7C6D9BE6D495384

Function 007E6301 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a876eb16c4187d36581b02383fcb92441d428916adbe641329569144b265d9e3
Instruction ID: b73c02db86b968884b82bdb9c0bc61b92b942e86855dc28e0f039b277910e037
Opcode Fuzzy Hash: a876eb16c4187d36581b02383fcb92441d428916adbe641329569144b265d9e3
Instruction Fuzzy Hash: 2E618FB3F2122647F3584978CC983726683DBD4324F2F82388E496B7C6D97E5D095284

Function 008031A9 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0904d24166b9ad2f126ab08613e53bb65ac8de95ecbc8eb96319c1a12ac3128
Instruction ID: 0c43e4a63e2cc85a2bc394a3b3461d556dd08063bfe08d415558b69ba59bd2b6
Opcode Fuzzy Hash: f0904d24166b9ad2f126ab08613e53bb65ac8de95ecbc8eb96319c1a12ac3128
Instruction Fuzzy Hash: F5719CB3F112254BF3540D28CC583627683EB95311F2F827C8E89AB7CAD9BE6D495384

Function 0084513F Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7bdf78d481d338d8a539bc304461a4f77672a6e03be397beeb2e5d79a76ac31
Instruction ID: 56c9c86dc7e52e756de86e4f1e43e9871023fa6609c5914325c546d856d607f7
Opcode Fuzzy Hash: d7bdf78d481d338d8a539bc304461a4f77672a6e03be397beeb2e5d79a76ac31
Instruction Fuzzy Hash: 4C618EB3F015258BF3504A69CC983A17293DBD9314F2F4178CA486B7D6DA7E6C06A384

Function 007BA02D Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8c2569a85c472f8423e4d0fdc6903b33457715c2ef61c80e6623e0b5b35d166
Instruction ID: 68e499b8b310a110885ca8548e3ea3348a46c079b7b05255eae22865297676f7
Opcode Fuzzy Hash: f8c2569a85c472f8423e4d0fdc6903b33457715c2ef61c80e6623e0b5b35d166
Instruction Fuzzy Hash: 8761ACB3F113264BF3604D68CC983627683DB95310F2F81788E886B7C6E97E6D0A5384

Function 00850391 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85e6db79bc94d89f8203ae2c183c5b359710b78308cf98d06c3af6fc4d3743d
Instruction ID: 09cbcad93e1f7c0e3be0bb3641e10348495f2b126d0e17656798078ab67607cb
Opcode Fuzzy Hash: e85e6db79bc94d89f8203ae2c183c5b359710b78308cf98d06c3af6fc4d3743d
Instruction Fuzzy Hash: 4E6170B7F112254BF3504979CC8836176839BD5315F2F81788E8C5BBCAE87E5D4A5284

Function 008133E4 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9697c699949a260843869a5f105291013c922a058c069e8d1d788d4ce854570a
Instruction ID: 83fd90122bd4069fd678b70689050199fbb4489f0ec24774429e1a705a2ac444
Opcode Fuzzy Hash: 9697c699949a260843869a5f105291013c922a058c069e8d1d788d4ce854570a
Instruction Fuzzy Hash: E961BDB3E1112647F3644E28CC583B17693EBD5310F2F82788E896B7C6D97E6D49A384

Function 0087F03A Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1be5969306101496d5173535305ac66546ac4c69b4107e1b0c1a3cc117f1fd2
Instruction ID: 89dc9ddb030c38f79a55094d44d4d5453a8126956aea3b4d817e38436cd4a67e
Opcode Fuzzy Hash: c1be5969306101496d5173535305ac66546ac4c69b4107e1b0c1a3cc117f1fd2
Instruction Fuzzy Hash: 7E61DFB7F6122647F3544978CCA43B27283DB91314F2F82788E88AB7C6D97E5D495384

Function 008A212E Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84081b1b28c55990fe5342498f6b5849f917475eb445103978c9671685b06d3d
Instruction ID: f2e11264e044710861718d7f6658badb63700ad90d1927a9ecac24da4794bab9
Opcode Fuzzy Hash: 84081b1b28c55990fe5342498f6b5849f917475eb445103978c9671685b06d3d
Instruction Fuzzy Hash: 2F61BEB3F502254BF3644D28CC683A13293EB99324F2F427C8E996B7D2D97E5D495384

Function 0080A22D Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a3895f38982b7086c884f2369fcb303cd347b4c196f7c2901c06251576bdc4
Instruction ID: 16214717f8e3b1d4cb9b835547abe24d0fa91abf635e7643bad3568d57737505
Opcode Fuzzy Hash: f3a3895f38982b7086c884f2369fcb303cd347b4c196f7c2901c06251576bdc4
Instruction Fuzzy Hash: 0F614EB3F1122647F3544E29CC543A1B393EB95310F2F81788E889B7C5DA7EAD499784

Function 00889051 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b545edbeda6d7a1bd5b5166b8e0462bcd3efd28def675f7c4c9095e0a942b1e
Instruction ID: b68e05653436508fb2afd667151c30c48919f61d4791d67b1aff18674222f4f1
Opcode Fuzzy Hash: 0b545edbeda6d7a1bd5b5166b8e0462bcd3efd28def675f7c4c9095e0a942b1e
Instruction Fuzzy Hash: 5D61AAB3F2112547F3544938CD583A17683EBD1324F2F82788A999B7C5CDBEAD4A9384

Function 007DE155 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ca835f99c5df702d875a3111d4025992cc4a81cb03218eef8808e0f3049e5d
Instruction ID: d7b9e783685b0e83d950b144357dbee396ba98623a297f21396b18b27d5a5147
Opcode Fuzzy Hash: f4ca835f99c5df702d875a3111d4025992cc4a81cb03218eef8808e0f3049e5d
Instruction Fuzzy Hash: F361CEB7F1162647F3544D68CC58361B292EBA5320F2F823C8E8CAB7C5E97E6D095384

Function 008A70FC Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4689d3b6002709d4d048159cee5cdafe5354254eb2b96719d57913df830e554c
Instruction ID: 9d3c4f05192bf54e33dec60b38da55ffa52b37c8d4605602ba7b8149df74b120
Opcode Fuzzy Hash: 4689d3b6002709d4d048159cee5cdafe5354254eb2b96719d57913df830e554c
Instruction Fuzzy Hash: 11518DB3F1122547F3544979CD983A16692EBD5320F2F82788EACABBC6D87D9D0952C0

Function 008C61AD Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a237945ab5f1aa5c5eab34b08190fd68e421b8873e38438987b5867927e9686b
Instruction ID: a60af9596687bdd97108fe96de5316b8e2ba23947019d29e45ceca52e703d768
Opcode Fuzzy Hash: a237945ab5f1aa5c5eab34b08190fd68e421b8873e38438987b5867927e9686b
Instruction Fuzzy Hash: EA51ABB3F1122607F3584978CD693667683ABD1324F2F82388A9E6B7C5DC7E5D0A4380

Function 0090A2D8 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b13386f4a885b797826982017b0f34ca20fa5815f6b317f08442d71773a862
Instruction ID: 0127285627b693fbc052975e9ceceaee69fc3ecb0319a6a5a8918cfb7bb29ea1
Opcode Fuzzy Hash: 75b13386f4a885b797826982017b0f34ca20fa5815f6b317f08442d71773a862
Instruction Fuzzy Hash: 02515DB3F5162603F3580978CC99365A5839BD5324F2F82798F9DAB7C6D9BE8C091284

Function 0088C315 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1be6a03cbbe015122f055a2d24eb97443a16a45315b8adda44bc2ae62f77f1fd
Instruction ID: a01d2d32662241bd916a756faaeb17215fde4d9ffc23ddfc47bb027817902911
Opcode Fuzzy Hash: 1be6a03cbbe015122f055a2d24eb97443a16a45315b8adda44bc2ae62f77f1fd
Instruction Fuzzy Hash: 9D519AB7F402250BF3544929CC583727682DBE5314F2F82788E8C6BBC6E97E6C4A5384

Function 008DA208 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e879e6dde73de5c78abde10348b6495988f0edaeb77e2ae284da098cba18907
Instruction ID: 18cb9e90f592dbf610121322c23a0218139afc823be459b1a38b49c5dca45bea
Opcode Fuzzy Hash: 9e879e6dde73de5c78abde10348b6495988f0edaeb77e2ae284da098cba18907
Instruction Fuzzy Hash: 6D5158F7F1062547F7648968CC983626292EB95314F2F81788F8C6B7C6E97E6C0693C4

Function 007C73D8 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf916656d4846ec2530af46a1f9de139a872efa66d863a163cfe57dba5687444
Instruction ID: 9f906e279b115bd0f2747a679c0444c7a038041caa9c051e2d92240c170fba55
Opcode Fuzzy Hash: cf916656d4846ec2530af46a1f9de139a872efa66d863a163cfe57dba5687444
Instruction Fuzzy Hash: 51515CB3F112264BF3644E69CC44361B393EB95310F2F42788E886B7C5D97E6D469788

Function 008101DA Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efcf8c075e87dcf0cfd3920063c95043af6b5745e10bb53ade1eeb82b3269ad8
Instruction ID: 297abf2ec19549d0f228eb31af8d575a541e5b1410f8d0cb2bac161d841fd3a0
Opcode Fuzzy Hash: efcf8c075e87dcf0cfd3920063c95043af6b5745e10bb53ade1eeb82b3269ad8
Instruction Fuzzy Hash: ED516BB7F012164BF3584E69CC98361B293EBA5314F2F817C8A495B7C2EE7E5C469344

Function 009071E4 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362f48eaf25706cdd42be4192e1144eff8c40694f05f35680f25d0c6108a40b0
Instruction ID: db2022bb62c1986db84fc95f8f012a2315d4a4b363d130d78e7915d32b68ff5b
Opcode Fuzzy Hash: 362f48eaf25706cdd42be4192e1144eff8c40694f05f35680f25d0c6108a40b0
Instruction Fuzzy Hash: B55181B3F216354BF39049B4CC983A26292D795320F2F82758E5CABBC6DC7E5D496384

Function 008291DE Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cedf16a00f6863bf4f61f6501d39efb14bf41c56ee63f1c01a485b28537a06e2
Instruction ID: eed1d5f9ef036b3bbaa150082c760761956eed1cfd486cca432e6a0bba14a1c3
Opcode Fuzzy Hash: cedf16a00f6863bf4f61f6501d39efb14bf41c56ee63f1c01a485b28537a06e2
Instruction Fuzzy Hash: 02517CB3F0122547F3544969CC683B17683DBE5314F2F82788E896BBCAE87E5D4A5284

Function 007DC0A6 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc0917a10a5bff7cfda8a2674cd4c8514d8bcb56759e976e940354fa40878fe7
Instruction ID: 82562dcc64d4bce4a0aca5a84c5462c9d86577a0d3680119b9596835c6c0462d
Opcode Fuzzy Hash: fc0917a10a5bff7cfda8a2674cd4c8514d8bcb56759e976e940354fa40878fe7
Instruction Fuzzy Hash: D5517AB3F1112647F3444E68CC683627293EB95314F2E81788F496B7C9D97EAD499288

Function 008950EA Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257730c8233a36dd4d1847bd37276f3a6983015aa56acbd34ba78ece886fd7ff
Instruction ID: b221682d01207656a76425ec5744e5d4e19b7b20ae15b1b275c91df5e4ba3da3
Opcode Fuzzy Hash: 257730c8233a36dd4d1847bd37276f3a6983015aa56acbd34ba78ece886fd7ff
Instruction Fuzzy Hash: 82516AB3F215254BF3584D24CC583A17283A7D4324F2F82BC8E996B3D6D97E6D096384

Function 0087D1C4 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6fbe9843ad0ac2844fb29bcae57000ef49fce3f6550a2c1fded37590f03f6c
Instruction ID: 33b9033f7a9dc9befbdf2efb73bc9aad157dc06700c2628cf46bdc73292c3d1c
Opcode Fuzzy Hash: 6b6fbe9843ad0ac2844fb29bcae57000ef49fce3f6550a2c1fded37590f03f6c
Instruction Fuzzy Hash: E25192B3F2162607F3944838CD693A26683DB94314F2F86388E89DBBC6D87EDD455384

Function 0086B19A Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca3f57c5cd6536d804cc8f2efdd183cae0f507d81608fb0ff4a9ffb5c0da262
Instruction ID: 800293f1735a9444796be6aa2cd5f549d2131cec73c882bacafcbed92d7684e9
Opcode Fuzzy Hash: cca3f57c5cd6536d804cc8f2efdd183cae0f507d81608fb0ff4a9ffb5c0da262
Instruction Fuzzy Hash: E3519CB3F1122547F3544969DC983627282EBD5314F2F81788F8C6BBCAD87E6D4A5388

Function 008EC316 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2521ac050d71d975411d0bb3c8c394993196fbeee1eee81583c6766ec4932e1
Instruction ID: 4f2c8b1f6309ba368c7b9b1bf743b733d1312d5a2729ad636ee0f28eb3e797d1
Opcode Fuzzy Hash: c2521ac050d71d975411d0bb3c8c394993196fbeee1eee81583c6766ec4932e1
Instruction Fuzzy Hash: D551DCB3F1122547F3544D38CC983A17652EB95310F2F82788E4D6B7CAD87E6D4A5384

Function 008A01F6 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4c3c53da5231ed82cd6c050bdb62761fb595cf1507a86decda331d2d1becc2b
Instruction ID: c7e823c9854ffcd44ec04ff858e558eb0075bc34d4bd16e7b6482058b82bcd20
Opcode Fuzzy Hash: a4c3c53da5231ed82cd6c050bdb62761fb595cf1507a86decda331d2d1becc2b
Instruction Fuzzy Hash: 60419FF3F2162547F3444978CC993626283DBE1324F2F82388A689B7D5ED3E9C4A5384

Function 007C40DD Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42a194e85af96c596195cc6757ea5a9fa39d08f5b6d99f2f1bdf5bb3484ba89
Instruction ID: 753bb72f871b4ab8e53e9bb87edd84008e7ef52597717c99e7cc33faa3bd3c00
Opcode Fuzzy Hash: b42a194e85af96c596195cc6757ea5a9fa39d08f5b6d99f2f1bdf5bb3484ba89
Instruction Fuzzy Hash: BA41AEB3F515264BF3504E29CC583617283DBD5315F2F86788E485BBCAD97E9C46A280

Function 008261C6 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8034cc7cbd6fb7eb3ae3ace821584924ed724a19516e4ca655e326fe0e8b13f5
Instruction ID: 1aceeef58f7af814ef3ea10457ad2a71dc5fbe978050394ad9c4e8a833328c2c
Opcode Fuzzy Hash: 8034cc7cbd6fb7eb3ae3ace821584924ed724a19516e4ca655e326fe0e8b13f5
Instruction Fuzzy Hash: 55416FB3F6066547F7640878CDA83B26542E790310F2F41798F4A7BBC6D8BE9E4A5384

Function 00825106 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8ac4112cb16b155b12068826586e33b3bc212f098ff23648814a83d24a7126
Instruction ID: 2e1593a0ef44d6352abecc38db3a45d9506e9cee730d1dabaacc32854f581efb
Opcode Fuzzy Hash: ba8ac4112cb16b155b12068826586e33b3bc212f098ff23648814a83d24a7126
Instruction Fuzzy Hash: 57419EF7E5153647F3504928CC54362A2839BE1325F2F8278CE58ABBCAE97E5C4652C4

Function 00887032 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf73314c65af1c143eb893c0be8f328ea1c4a1cfb5c1650b4acd9da7e5f27ed2
Instruction ID: 44ba18ba6ae478e6247d54c5d7e4ab70d563aabb3b5a28b31d92c2216b982457
Opcode Fuzzy Hash: bf73314c65af1c143eb893c0be8f328ea1c4a1cfb5c1650b4acd9da7e5f27ed2
Instruction Fuzzy Hash: ED3148B7F5112547F3540928CC583A2A693ABE4310F2F81B8CE4C6BBC5E97E9D4993C8

Function 0083E259 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead12cd2ea248624ae9eb9159e0ac683fd479306529c60be1d7705ccb491d2de
Instruction ID: 63afe6dd44901cd92f3a20538d5217d8072b6754bee9460756ee73ca608f3e63
Opcode Fuzzy Hash: ead12cd2ea248624ae9eb9159e0ac683fd479306529c60be1d7705ccb491d2de
Instruction Fuzzy Hash: 843176B3F1122547F7684878CC6937225829BE5314F2F82798F5EABBC6EC7D1C095284

Function 00907020 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee06c0ac5930c2e3abd3eb4659ea5c5b5a138748e2e68bb5667e1aa3dc4d52ef
Instruction ID: 9e9ca04d143c03f73394c77463d911930a9d3af99e21c49539536134010e05ed
Opcode Fuzzy Hash: ee06c0ac5930c2e3abd3eb4659ea5c5b5a138748e2e68bb5667e1aa3dc4d52ef
Instruction Fuzzy Hash: 1F31F6F7F616250BF79444A9CD983A2148397E5314F2F81788E8C6BAC6DC7E4C4A53C4

Function 008D2134 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5cfd9c97cb85374b1319bd975bd1f86a7bf14bbccaf791749e0d964daed4a6
Instruction ID: 21b0d943adb234a0512afa4e8ef02b3b45a36b4b172863516011e76e8ca7d36e
Opcode Fuzzy Hash: af5cfd9c97cb85374b1319bd975bd1f86a7bf14bbccaf791749e0d964daed4a6
Instruction Fuzzy Hash: EE316FB3F1122547F3908929CD58362729397D4714F2F81788D8C2BBCADD7E6D4A5384

Function 0080B0EE Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e13b2a24ad90134986e5e7e450f1a228765088767a26d254c2d8891fb1976f16
Instruction ID: 5c6ba46728ec74106162ae7561c492fe48f679d96baca11ccd6d34e68891df86
Opcode Fuzzy Hash: e13b2a24ad90134986e5e7e450f1a228765088767a26d254c2d8891fb1976f16
Instruction Fuzzy Hash: F3312AB7F61A2547F3548875DC583622183D3E5325F2F82788E58ABBCADC7E8C4A1384

Function 0086D02D Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6006c7272294100c58c77dc5b13b9c67a94183f9de57c112fea26dfad84e2e9f
Instruction ID: f87f6c1674c9cef298b2cbe4e5d2b80de76f8ed2e74af3a4f8c99dfb9e48e1ef
Opcode Fuzzy Hash: 6006c7272294100c58c77dc5b13b9c67a94183f9de57c112fea26dfad84e2e9f
Instruction Fuzzy Hash: F931EAB7F6253507F3984469CC583A2658397E5324F2F82798E6C677C6DC7E5C0A12C4

Function 007EC238 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a654e02b1af555dc1d81b0a8e21fee520456a99e95ec0d9e939f857b94af90
Instruction ID: 7b3e335f57ab81210f047e2644e3c1fee45cd43db7f3a76bb0f1808b596070bd
Opcode Fuzzy Hash: d2a654e02b1af555dc1d81b0a8e21fee520456a99e95ec0d9e939f857b94af90
Instruction Fuzzy Hash: D9317EB7E116220BF3444839DD983B21983D7D4321F3F82394F6597BCADCBE9A051244

Function 007ED27E Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e7fb2f3085949c1e5b810a7b7dfea058947ecae480421543ef179cfe2224d6f
Instruction ID: 55a1088e941586a00c0a5e15310df1a2923fe39ab496b76d18d5a668812d64ab
Opcode Fuzzy Hash: 6e7fb2f3085949c1e5b810a7b7dfea058947ecae480421543ef179cfe2224d6f
Instruction Fuzzy Hash: FC3148B3F1062607F3184829DCA93B26583DBE5324F2F41398B5A5B7C6D8BE8C421284

Function 00829070 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e68119dc89ebcece1ed47f8f05b7ca2221e8675fa723148f7d6661add7b2610
Instruction ID: 5eb8cdb8e3dbabb228198a0db50addf470aff40cd6aba03662347332318de748
Opcode Fuzzy Hash: 7e68119dc89ebcece1ed47f8f05b7ca2221e8675fa723148f7d6661add7b2610
Instruction Fuzzy Hash: 653141B3F2152607F7588839CC653B665839BD5320F2F87398E59A7BC6DC7E9C451280

Function 008FD0CE Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3f18d479506a5157726fa75a7e0e5ae246d41814780576c192a0ae2c8ab6ed
Instruction ID: 4d72bf31e179ddcdb606b9b2cc7537431fd5ad483b44febc595c3abb68e79696
Opcode Fuzzy Hash: 7a3f18d479506a5157726fa75a7e0e5ae246d41814780576c192a0ae2c8ab6ed
Instruction Fuzzy Hash: 3131EAB3F1152547F3544869CDA83A2544397D5325F2F82798F6CABBC6D8BE8D0642C4

Function 007C6196 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c326206b01012a21d5095fe06a9f9f2dd19671d54ef9d7c6e5ef77fd4e48cc35
Instruction ID: c20bac8898c0fc6bdb2d9ef735f1b4555b97dba35329ac43f513c45c67052aa6
Opcode Fuzzy Hash: c326206b01012a21d5095fe06a9f9f2dd19671d54ef9d7c6e5ef77fd4e48cc35
Instruction Fuzzy Hash: 843190B3F122250BF7944879CD58367658397D5320F2F82788E58ABBCAEC7E4D091384

Function 009033B9 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b49212d1a9855d7b04723e415f4714b45dc87445a2ba947ecc315f8da2d3de
Instruction ID: 7305349cd25e60ef402bf40dd9a645da659cbbeb89d6e482ec6adc80f9aa756c
Opcode Fuzzy Hash: 15b49212d1a9855d7b04723e415f4714b45dc87445a2ba947ecc315f8da2d3de
Instruction Fuzzy Hash: 8B313CB3F2262247F3504979CC5835261839BD0325F3F82798A9CABBC9DDBE9D465384

Function 00803021 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91391522a2ddaac1427fdfb34e463766506f1ce7cd48a3c320d93b82b5facefb
Instruction ID: 3fb1fe4d18ddaf9921e2e9ad3057de8fd789fc351f437febb3db162c2853af3f
Opcode Fuzzy Hash: 91391522a2ddaac1427fdfb34e463766506f1ce7cd48a3c320d93b82b5facefb
Instruction Fuzzy Hash: AE3105F3F1152147F7584839CD69366698387D5320F3F83798BAA6BACADC7D4C0A1288

Function 008ED094 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 462ea09d1edcea04f94a91764aaf854203b41b2c6fe020a1ac515c7ff6e840da
Instruction ID: 77371f6bda015a7cbbc463e5f9d4c39984474f1bf11eb22ceff57fb50d6caa71
Opcode Fuzzy Hash: 462ea09d1edcea04f94a91764aaf854203b41b2c6fe020a1ac515c7ff6e840da
Instruction Fuzzy Hash: 713139F3E51A2647F3A408B9DD9836695829BE4324F2F42398F5C77BC6D87D4D0A11C4

Function 008B03F6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d86af109eada9d01c2d6a5b0c3e51a1b48d1385287daf42dfe6c7fbf64baf9
Instruction ID: 91dbc6feae8becdd7e84420cd8ce4627c5aea52bb4a5829d9fc043e028fff28f
Opcode Fuzzy Hash: c1d86af109eada9d01c2d6a5b0c3e51a1b48d1385287daf42dfe6c7fbf64baf9
Instruction Fuzzy Hash: 6C215CF7E1162507F3984839CD69332658397A5325F2F82798B4EAB7CAEC7C080A5280

Function 0081E048 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b052296672b65d8db8114a2b819988cb0046d1ad835347e4a7db9d608b5400
Instruction ID: f0d6059b751fe6fcf1fc2747ae917de6ea5dfe363c9e3d87544b69ff403fc7f5
Opcode Fuzzy Hash: 83b052296672b65d8db8114a2b819988cb0046d1ad835347e4a7db9d608b5400
Instruction Fuzzy Hash: E9215EB3F1212147F3544879CD983A2658397D5330F2F83748E286BBCADCBE1D4A5284

Function 007D7306 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae84a5e20f025583e6bdf7e6b413c26cec901531b556050201bfc5871715cb29
Instruction ID: 573955252363a187a54f35b9bc75eee320ce55ff289a80555bff8894caf6aa3d
Opcode Fuzzy Hash: ae84a5e20f025583e6bdf7e6b413c26cec901531b556050201bfc5871715cb29
Instruction Fuzzy Hash: FD218EB3F2253547F7584839CD293A6654397D0721F2F827C8A9A576CADC7E5C0512C4

Function 008C42C9 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a40439bdd009f1707cda1c56c2d26b4e33ff599c7982a46aaad1b5520af1fc5
Instruction ID: 3faea3e197c99ac3b85b5cbb304d393d276104e75312c47ed1145d74f1ae4320
Opcode Fuzzy Hash: 8a40439bdd009f1707cda1c56c2d26b4e33ff599c7982a46aaad1b5520af1fc5
Instruction Fuzzy Hash: 3F21BEB3E4123647F354496ACD65362A6829BE5320F2F82398E6CA77C6ED7E5C0602C4

Function 00848133 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1803689448.00000000007AB000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.1802328572.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803125776.00000000007A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803420145.00000000007A9000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A2F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1803689448.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804068901.0000000000A3E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804220797.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1804237128.0000000000BD7000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_random.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 245e142cbae25040613cafe6b311932e70a181f6e421ac64075315fc536d5732
Instruction ID: dbd8e279f7769cb332754bc625c2f3cdc5bb18945c6815da3be42a493aa1478d
Opcode Fuzzy Hash: 245e142cbae25040613cafe6b311932e70a181f6e421ac64075315fc536d5732
Instruction Fuzzy Hash: 7E1184B3F6162947F3544C25CCA53A25543D3E4320F1F853C8E589BBCAD97E9C0B6284

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report random.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
random.exe

Function 007A1000 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 702
fileCOMMON

Function 007A20E1 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 137
COMMON

Function 007A4EB2 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 288
fileCOMMON

Function 007A1DC9 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 139
fileCOMMON

Function 007A1D21 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70
encryptionCOMMON

Function 007A4C2D Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 209
windowCOMMON

Function 007A2282 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 321
synchronizationCOMMON

Function 007A53F8 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140
networkCOMMON

Function 007A48D6 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 234
memoryCOMMON

Function 007A475F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
libraryCOMMON

Function 04A40347 Relevance: 1.7, APIs: 1, Instructions: 216
COMMON

Function 04A40333 Relevance: 1.7, APIs: 1, Instructions: 192
COMMON