Windows Analysis Report
xxLuwS60RS.exe

Overview

General Information

Sample name: xxLuwS60RS.exe (renamed because original name is a hash value)
Original sample name: 2cadc9fdc1b98560776cb3750bbc52ad.exe
Analysis ID: 1579687
MD5: 2cadc9fdc1b98560776cb3750bbc52ad
SHA1: 15c1d08b1555e3f1f54cf95cf7333150c29879c2
SHA256: 4c118f4af126877304c23b32bc0b0fb83956ac0d3842a047dd6f9264473fa309
Tags: exe, user-abuse_ch

Detection

Family: LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • xxLuwS60RS.exe (PID: 360 cmdline: "C:\Users\user\Desktop\xxLuwS60RS.exe" MD5: 2CADC9FDC1B98560776CB3750BBC52AD)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["necklacebudi.lat", "grannyejh.lat", "energyaffai.lat", "rapeflowwj.lat", "aspecteirs.lat", "sweepyribs.lat", "crosshuaht.lat", "sustainskelet.lat", "discokeyus.lat"], "Build id": "PsFKDg--pablo"}
| Source | Rule | Description | Author | Strings |
| sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
| decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |

No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| 2024-12-23T07:36:10.904567+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T07:36:13.273220+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T07:36:14.925183+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T07:36:14.019132+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T07:36:14.019132+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T07:36:08.440729+0100 | 2058354 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63732 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.905999+0100 | 2058358 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 51192 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.580892+0100 | 2058360 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 54727 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.212713+0100 | 2058362 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61157 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.261424+0100 | 2058364 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49530 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.806923+0100 | 2058370 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 65288 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:09.133094+0100 | 2058374 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 51592 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.676185+0100 | 2058376 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 54733 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.020047+0100 | 2058378 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55293 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:11.672143+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |

      AV Detection

Source: xxLuwS60RS.exe | Avira: detected
Source: xxLuwS60RS.exe.360.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["necklacebudi.lat", "grannyejh.lat", "energyaffai.lat", "rapeflowwj.lat", "aspecteirs.lat", "sweepyribs.lat", "crosshuaht.lat", "sustainskelet.lat", "discokeyus.lat"], "Build id": "PsFKDg--pablo"}
Source: xxLuwS60RS.exe | ReversingLabs: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: xxLuwS60RS.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: rapeflowwj.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: crosshuaht.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sustainskelet.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: aspecteirs.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: energyaffai.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: necklacebudi.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: discokeyus.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: grannyejh.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sweepyribs.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp | String decryptor: PsFKDg--pablo
Source: xxLuwS60RS.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2

      Networking

Source: Network traffic | Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.5:63732 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:49530 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.5:51592 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.5:54733 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:54727 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.5:61157 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.5:65288 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.5:55293 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.5:51192 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.157.254:443
Source: Malware configuration extractor | URLs: necklacebudi.lat
Source: Malware configuration extractor | URLs: grannyejh.lat
Source: Malware configuration extractor | URLs: energyaffai.lat
Source: Malware configuration extractor | URLs: rapeflowwj.lat
Source: Malware configuration extractor | URLs: aspecteirs.lat
Source: Malware configuration extractor | URLs: sweepyribs.lat
Source: Malware configuration extractor | URLs: crosshuaht.lat
Source: Malware configuration extractor | URLs: sustainskelet.lat
Source: Malware configuration extractor | URLs: discokeyus.lat
Source: Joe Sandbox View | IP Address: 172.67.157.254
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 172.67.157.254:443
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic | DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic | DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic | DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic | DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic | DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic | DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic | DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic | DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2

      System Summary

      Source: xxLuwS60RS.exe Static PE information: section name:
      Source: xxLuwS60RS.exe Static PE information: section name: .idata
      Source: xxLuwS60RS.exe Static PE information: section name:
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: String function: 00058030 appears 44 times
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: String function: 00064400 appears 65 times
      Source: xxLuwS60RS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: xxLuwS60RS.exe Static PE information: Section: ZLIB complexity 0.9973311750856164
      Source: xxLuwS60RS.exe Static PE information: Section: bgzhtrqq ZLIB complexity 0.9948828005870692
      Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@11/2
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00080C70 CoCreateInstance,0_2_00080C70
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: xxLuwS60RS.exe ReversingLabs: Detection: 60%
      Source: xxLuwS60RS.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe File read: C:\Users\user\Desktop\xxLuwS60RS.exe
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: webio.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Section loaded: uxtheme.dll
      Source: xxLuwS60RS.exe, Static file information: File size 1843712 > 1048576
      Source: xxLuwS60RS.exe, Static PE information: Raw size of bgzhtrqq is bigger than: 0x100000 < 0x199e00

      Data Obfuscation

      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Unpacked PE file: 0.2.xxLuwS60RS.exe.50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bgzhtrqq:EW;xbodbsdh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bgzhtrqq:EW;xbodbsdh:EW;.taggant:EW;
      Source: initial sample, Static PE information: section where entry point is pointing to: .taggant
      Source: xxLuwS60RS.exe, Static PE information: real checksum: 0x1cb112 should be: 0x1cbb31
      Source: xxLuwS60RS.exe, Static PE information: section name:
      Source: xxLuwS60RS.exe, Static PE information: section name: .idata
      Source: xxLuwS60RS.exe, Static PE information: section name:
      Source: xxLuwS60RS.exe, Static PE information: section name: bgzhtrqq
      Source: xxLuwS60RS.exe, Static PE information: section name: xbodbsdh
      Source: xxLuwS60RS.exe, Static PE information: section name: .taggant
      Source: xxLuwS60RS.exe, Static PE information: section name: entropy: 7.973868769187426
      Source: xxLuwS60RS.exe, Static PE information: section name: bgzhtrqq entropy: 7.953670694283733

      Boot Survival

      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, Window searched: window name: Filemonclass

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe, File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2575AE second address: 2575B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25777E second address: 257784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2579B1 second address: 2579C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966BFh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 258EA1 second address: 258EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25AF34 second address: 25AF3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25AF3A second address: 25AF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6098E62B01h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25AF58 second address: 25AF5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25BA22 second address: 25BA82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F6098E62AF8h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 xor di, 5D3Bh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F6098E62AF8h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 cld 0x00000048 push eax 0x00000049 pushad 0x0000004a jbe 00007F6098E62AFCh 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25B80E second address: 25B813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25BA82 second address: 25BA8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25B813 second address: 25B82C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966C5h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25D076 second address: 25D103 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6098E62AF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F6098E62AF8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 sbb di, C68Bh 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F6098E62AF8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 push 00000000h 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007F6098E62AF8h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 00000014h 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 xchg eax, ebx 0x00000065 jmp 00007F6098E62B01h 0x0000006a push eax 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e push esi 0x0000006f pop esi 0x00000070 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 210222 second address: 21022C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6098E966BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 21BCBA second address: 21BCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6098E62B07h 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25D850 second address: 25D854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25D854 second address: 25D859 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25E3C7 second address: 25E3D5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25D859 second address: 25D879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6098E62B06h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2643D8 second address: 2643E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 25E3D5 second address: 25E3D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26530C second address: 2653A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 nop 0x00000007 jmp 00007F6098E966BFh 0x0000000c push dword ptr fs:[00000000h] 0x00000013 or di, 6868h 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f sbb di, AB90h 0x00000024 mov eax, dword ptr [ebp+122D09B1h] 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F6098E966B8h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov dword ptr [ebp+122D28ACh], eax 0x0000004a mov di, D523h 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push eax 0x00000053 call 00007F6098E966B8h 0x00000058 pop eax 0x00000059 mov dword ptr [esp+04h], eax 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc eax 0x00000066 push eax 0x00000067 ret 0x00000068 pop eax 0x00000069 ret 0x0000006a call 00007F6098E966BEh 0x0000006f push edx 0x00000070 mov ebx, dword ptr [ebp+124737B6h] 0x00000076 pop ebx 0x00000077 pop ebx 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b push edi 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 266197 second address: 26619B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2643E2 second address: 2643E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2653A7 second address: 2653AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2643E6 second address: 2643EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2671F5 second address: 2671F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2671F9 second address: 2671FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 266308 second address: 266318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 266318 second address: 26631E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26631E second address: 266323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 266323 second address: 2663AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a xor ebx, 50F193C1h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 sub dword ptr [ebp+122D296Bh], ebx 0x0000001d mov edi, esi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F6098E966B8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000017h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 mov dword ptr [ebp+1246F3D2h], esi 0x00000046 mov dword ptr [ebp+122D2890h], edi 0x0000004c mov eax, dword ptr [ebp+122D0C25h] 0x00000052 jnl 00007F6098E966C3h 0x00000058 jns 00007F6098E966B9h 0x0000005e push FFFFFFFFh 0x00000060 sub dword ptr [ebp+122D26DDh], ebx 0x00000066 nop 0x00000067 push esi 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2663AF second address: 2663B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 268234 second address: 26824C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6098E966C1h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 267386 second address: 26738A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26738A second address: 2673C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F6098E966C9h 0x0000000e pushad 0x0000000f jmp 00007F6098E966C4h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26BAF0 second address: 26BAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26F792 second address: 26F797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2706E0 second address: 2706E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2706E4 second address: 270742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 add dword ptr [ebp+122D1B89h], edx 0x0000000f mov edi, dword ptr [ebp+122D38D7h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F6098E966B8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F6098E966B8h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 0000001Ah 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d xchg eax, esi 0x0000004e push edi 0x0000004f pushad 0x00000050 push edx 0x00000051 pop edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26DACD second address: 26DAD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26DAD3 second address: 26DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26DAD7 second address: 26DADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 26CB0C second address: 26CB16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F6098E966B6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27269F second address: 2726B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F6098E62B00h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2726B0 second address: 272731 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F6098E966B8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D2300h], edi 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F6098E966B8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 call 00007F6098E966C2h 0x00000048 mov bx, di 0x0000004b pop edi 0x0000004c push 00000000h 0x0000004e push eax 0x0000004f push ecx 0x00000050 pushad 0x00000051 popad 0x00000052 pop ebx 0x00000053 pop ebx 0x00000054 mov dword ptr [ebp+122D289Ah], ecx 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 pop eax 0x00000061 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 272731 second address: 272745 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2718C1 second address: 2718C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2718C7 second address: 271968 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E62AFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push ecx 0x0000000c jmp 00007F6098E62B09h 0x00000011 pop ebx 0x00000012 jmp 00007F6098E62B00h 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov di, ax 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 mov ebx, dword ptr [ebp+122D3827h] 0x0000002e mov eax, dword ptr [ebp+122D0965h] 0x00000034 mov dword ptr [ebp+122D2710h], ecx 0x0000003a push FFFFFFFFh 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007F6098E62AF8h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 call 00007F6098E62B02h 0x0000005b mov edi, esi 0x0000005d pop ebx 0x0000005e nop 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 jbe 00007F6098E62AF6h 0x00000068 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 271968 second address: 271971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 273766 second address: 27376A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 272967 second address: 272977 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27389F second address: 2738A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27A9EC second address: 27AA00 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jp 00007F6098E966CBh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27B464 second address: 27B46A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27E2AD second address: 27E2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F6098E966BEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27E2BA second address: 27E2C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27E2C0 second address: 27E2CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F6098E966B6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 27E5C0 second address: 27E5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 284D45 second address: 284D66 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d ja 00007F6098E966B6h 0x00000013 jmp 00007F6098E966BDh 0x00000018 popad 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 284D66 second address: 284DA6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E62B0Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6098E62B07h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 284E0B second address: 284E1E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6098E966BAh 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 288F77 second address: 288F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 288F7F second address: 288F91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F6098E966B6h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 288F91 second address: 288F9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28922C second address: 289231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 289231 second address: 289239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2893C3 second address: 2893C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28EFE1 second address: 28EFE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28EFE6 second address: 28EFEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28EFEC second address: 28EFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28EFF0 second address: 28EFF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 28DEC6 second address: 28DECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2538E8 second address: 2538EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2538EC second address: 23D691 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6098E62AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F6098E62AF8h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 jno 00007F6098E62AFEh 0x0000001a nop 0x0000001b mov edx, dword ptr [ebp+122D2799h] 0x00000021 call dword ptr [ebp+122D3517h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jbe 00007F6098E62AF8h 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 jl 00007F6098E62AF8h 0x00000037 push eax 0x00000038 pop eax 0x00000039 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 253F2D second address: 253F7A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F6098E966B6h 0x0000000d jmp 00007F6098E966C8h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 jnp 00007F6098E966B8h 0x0000001c pushad 0x0000001d jmp 00007F6098E966C9h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 253F7A second address: 253F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF103 second address: 2CF107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF107 second address: 2CF111 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF111 second address: 2CF137 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E62B11h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF137 second address: 2CF13D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF13D second address: 2CF143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2CF818 second address: 2CF83F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F6098E966BEh 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2D2EE0 second address: 2D2EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2D6E65 second address: 2D6E74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E3851 second address: 2E3859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E3859 second address: 2E3863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E58DA second address: 2E58DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E58DE second address: 2E5911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6098E966C8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F6098E966C5h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E5911 second address: 2E592D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6098E62B03h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E592D second address: 2E594C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jmp 00007F6098E966C3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E594C second address: 2E5951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E5951 second address: 2E5957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E5957 second address: 2E595B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E556E second address: 2E5597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BBh 0x00000007 jmp 00007F6098E966BAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jne 00007F6098E966B6h 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E5597 second address: 2E559B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E559B second address: 2E55B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E966C8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E55B9 second address: 2E55BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E6E63 second address: 2E6E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2E6E69 second address: 2E6E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007F6098E62B0Bh 0x0000000d jmp 00007F6098E62AFBh 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2F7241 second address: 2F724B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F6098E966B6h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2F70BA second address: 2F70D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B09h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2F70D7 second address: 2F7105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F6098E966B8h 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007F6098E966BDh 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FE7FD second address: 2FE81C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jo 00007F6098E62AF6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FE81C second address: 2FE821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD24C second address: 2FD250 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD4FD second address: 2FD501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD501 second address: 2FD50D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD50D second address: 2FD530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966BAh 0x00000009 jmp 00007F6098E966C5h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD7BC second address: 2FD7C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD7C0 second address: 2FD7D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 jp 00007F6098E966B8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD7D3 second address: 2FD7D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD7D9 second address: 2FD7DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 2FD8F8 second address: 2FD909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFDh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300E4C second address: 300E58 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300E58 second address: 300E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300E5C second address: 300E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6098E966B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300CDA second address: 300CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300CE0 second address: 300D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 jno 00007F6098E966B6h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6098E966C1h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 300D02 second address: 300D08 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 303509 second address: 303531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F6098E966D1h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 303531 second address: 30353D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6098E62AF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 303674 second address: 303679 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 303679 second address: 303688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6098E62AF6h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 312099 second address: 3120A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 30DAB1 second address: 30DAC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jng 00007F6098E62AF6h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 31FFBD second address: 31FFC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 31FFC3 second address: 31FFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jnc 00007F6098E62AF6h 0x0000000c jl 00007F6098E62AF6h 0x00000012 pop edx 0x00000013 popad 0x00000014 jns 00007F6098E62B08h 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f push edi 0x00000020 pop edi 0x00000021 popad 0x00000022 push ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 320133 second address: 320139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 320139 second address: 32013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 32013F second address: 320143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 320143 second address: 320161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B05h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 320161 second address: 32016B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 333C83 second address: 333C88 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 333F76 second address: 333F9C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6098E966C2h 0x00000008 jmp 00007F6098E966BCh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007F6098E966BEh 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 333F9C second address: 333FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007F6098E62B02h 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 333FCC second address: 333FEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C2h 0x00000007 jmp 00007F6098E966BAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 334166 second address: 33416C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 33472A second address: 334736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 334B8C second address: 334BA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F6098E62AF6h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 334BA0 second address: 334BA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 3364A4 second address: 3364AA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 33A890 second address: 33A894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exeRDTSC instruction interceptor: First address: 33C736 second address: 33C73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: A799D instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: A7A75 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 249AD8 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 2485B8 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 248CB1 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 24827B instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 27B4AB instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 253A0C instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Special instruction interceptor: First address: 2D852C instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Code function: 0_2_000A80EC rdtsc 0_2_000A80EC
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe TID: 5068 | Thread sleep time: -120000s >= -30000s
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe TID: 5696 | Thread sleep time: -30000s >= -30000s
      Source: xxLuwS60RS.exe, xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176738875.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
      Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176738875.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWL
      Source: xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | File opened: NTICE
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | File opened: SICE
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | File opened: SIWVID
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Code function: 0_2_000A80EC rdtsc 0_2_000A80EC
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Code function: 0_2_0008C1F0 LdrInitializeThunk,0_2_0008C1F0

      HIPS / PFW / Operating System Protection Evasion

      Source: xxLuwS60RS.exe | String found in binary or memory: rapeflowwj.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: crosshuaht.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: sustainskelet.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: aspecteirs.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: energyaffai.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: necklacebudi.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: discokeyus.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: grannyejh.lat
      Source: xxLuwS60RS.exe | String found in binary or memory: sweepyribs.lat
      Source: xxLuwS60RS.exe, xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager
      Source: C:\Users\user\Desktop\xxLuwS60RS.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

      Source | Detection | Scanner | Label | Link
      xxLuwS60RS.exe | 61% | ReversingLabs | Win32.Trojan.LummaStealer
      xxLuwS60RS.exe | 100% | Avira | TR/Crypt.XPACK.Gen
      xxLuwS60RS.exe | 100% | Joe Sandbox ML
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=exxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/workshop/xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://login.steampowered.com/xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbxxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://store.steampowered.com/legal/xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&axxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://lev-tolstoi.com/2xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://recaptcha.netxxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://127.0.0.1:27060xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgxxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://lev-tolstoi.com/apiexxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://discokeyus.lat/xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000B93000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampxxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://help.steampowered.com/xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://api.steampowered.com/xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://store.steampowered.com/account/cookiepreferences/xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://store.steampowered.com/mobilexxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://steamcommunity.com/xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579687
Start date and time:2024-12-23 07:35:10 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:xxLuwS60RS.exe
renamed because original name is a hash value
Original Sample Name:2cadc9fdc1b98560776cb3750bbc52ad.exe
Detection:MAL
Classification:mal100.troj.evad.winEXE@1/0@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                    • VT rate limit hit for: xxLuwS60RS.exe
                                                                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                                                                    01:36:06API Interceptor11x Sleep call for process: xxLuwS60RS.exe modified
                                                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                                                            NQbg5Ht2hW.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            • 172.67.157.254
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.947284056407422
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: xxLuwS60RS.exe
File size: 1'843'712 bytes
MD5: 2cadc9fdc1b98560776cb3750bbc52ad
SHA1: 15c1d08b1555e3f1f54cf95cf7333150c29879c2
SHA256: 4c118f4af126877304c23b32bc0b0fb83956ac0d3842a047dd6f9264473fa309
SHA512: 1e732b97966a44824b134995c3ba226a4938c1bc9c58f4de90a79bc081f0adc3d10b1546a4fdb7a4800ff161c09d7cdd68341f636fe2ad9b43775d2b06bb0ae3
SSDEEP: 24576:aOKdUHOlkYh5W8jpzzOxoGb3podz7nZYiNgdQ5Q+prFUUwIxg+I07YBsLnW:SdUuDh5WyxTy0XZ8+7RF9HrI07f
TLSH: 9A8533146DB598FEEC3A82B15635C03ABBC301E79BACF2F3441621F61632EA535416F6
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@..........................@I...........@.................................T0..h..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x891000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007F6098BC5EDAh
ltr word ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F6098BC7ED5h
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                                            add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x51000 | 0x24800 | 494ab60c3f6fd8a0337b646fdafffbbd | False | 0.9973311750856164 | data | 7.973868769187426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1ac | 0x200 | 75720b8ea60aa06a31806981b744f74e | False | 0.5390625 | data | 5.245569576626531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x54000 | 0x2a2000 | 0x200 | b057a2c5bc510a01f1f612d8a8838720 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bgzhtrqq | 0x2f6000 | 0x19a000 | 0x199e00 | 8f7bab164d7e2e65671b60231c6e065d | False | 0.9948828005870692 | data | 7.953670694283733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| xbodbsdh | 0x490000 | 0x1000 | 0x400 | e8c8f209d8ad4c4c40978e4ab6bf6aa1 | False | 0.8125 | data | 6.3005096623186585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x491000 | 0x3000 | 0x2200 | a140f8f76c03a5fe54635848ec70275a | False | 0.006318933823529412 | Applesoft BASIC program data, first line number 15 | 0.017902309806127597 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x52058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-23T07:36:07.020047+0100 | 2058378 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) | 1 | 192.168.2.5 | 55293 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.261424+0100 | 2058364 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) | 1 | 192.168.2.5 | 49530 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.580892+0100 | 2058360 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) | 1 | 192.168.2.5 | 54727 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:07.806923+0100 | 2058370 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) | 1 | 192.168.2.5 | 65288 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.212713+0100 | 2058362 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) | 1 | 192.168.2.5 | 61157 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.440729+0100 | 2058354 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) | 1 | 192.168.2.5 | 63732 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.676185+0100 | 2058376 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) | 1 | 192.168.2.5 | 54733 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:08.905999+0100 | 2058358 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) | 1 | 192.168.2.5 | 51192 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:09.133094+0100 | 2058374 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) | 1 | 192.168.2.5 | 51592 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T07:36:10.904567+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
                                                                                                                                                                                                                                                                            2024-12-23T07:36:11.672143+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.54970423.55.153.106443TCP
                                                                                                                                                                                                                                                                            2024-12-23T07:36:13.273220+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549705172.67.157.254443TCP
                                                                                                                                                                                                                                                                            2024-12-23T07:36:14.019132+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.549705172.67.157.254443TCP
                                                                                                                                                                                                                                                                            2024-12-23T07:36:14.019132+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549705172.67.157.254443TCP
                                                                                                                                                                                                                                                                            2024-12-23T07:36:14.925183+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549706172.67.157.254443TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 07:36:07.020046949 CET | 192.168.2.5 | 1.1.1.1 | 0x18a2 | Standard query (0) | sweepyribs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:07.261424065 CET | 192.168.2.5 | 1.1.1.1 | 0xbb71 | Standard query (0) | grannyejh.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:07.580892086 CET | 192.168.2.5 | 1.1.1.1 | 0x8bf5 | Standard query (0) | discokeyus.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:07.806922913 CET | 192.168.2.5 | 1.1.1.1 | 0xa079 | Standard query (0) | necklacebudi.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.212713003 CET | 192.168.2.5 | 1.1.1.1 | 0x38ba | Standard query (0) | energyaffai.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.440728903 CET | 192.168.2.5 | 1.1.1.1 | 0x4128 | Standard query (0) | aspecteirs.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.676184893 CET | 192.168.2.5 | 1.1.1.1 | 0x822d | Standard query (0) | sustainskelet.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.905998945 CET | 192.168.2.5 | 1.1.1.1 | 0x18a4 | Standard query (0) | crosshuaht.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:09.133094072 CET | 192.168.2.5 | 1.1.1.1 | 0xd948 | Standard query (0) | rapeflowwj.lat | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:09.356632948 CET | 192.168.2.5 | 1.1.1.1 | 0x24a7 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:11.893883944 CET | 192.168.2.5 | 1.1.1.1 | 0xf43f | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 07:36:07.257044077 CET | 1.1.1.1 | 192.168.2.5 | 0x18a2 | Name error (3) | sweepyribs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:07.487698078 CET | 1.1.1.1 | 192.168.2.5 | 0xbb71 | Name error (3) | grannyejh.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:07.805180073 CET | 1.1.1.1 | 192.168.2.5 | 0x8bf5 | Name error (3) | discokeyus.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.211054087 CET | 1.1.1.1 | 192.168.2.5 | 0xa079 | Name error (3) | necklacebudi.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.436566114 CET | 1.1.1.1 | 192.168.2.5 | 0x38ba | Name error (3) | energyaffai.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.672734022 CET | 1.1.1.1 | 192.168.2.5 | 0x4128 | Name error (3) | aspecteirs.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:08.901405096 CET | 1.1.1.1 | 192.168.2.5 | 0x822d | Name error (3) | sustainskelet.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:09.129915953 CET | 1.1.1.1 | 192.168.2.5 | 0x18a4 | Name error (3) | crosshuaht.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:09.350403070 CET | 1.1.1.1 | 192.168.2.5 | 0xd948 | Name error (3) | rapeflowwj.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:09.497665882 CET | 1.1.1.1 | 192.168.2.5 | 0x24a7 | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:12.054109097 CET | 1.1.1.1 | 192.168.2.5 | 0xf43f | No error (0) | lev-tolstoi.com |  | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 07:36:12.054109097 CET | 1.1.1.1 | 192.168.2.5 | 0xf43f | No error (0) | lev-tolstoi.com |  | 104.21.66.86 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                                                                                            • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | 360 | C:\Users\user\Desktop\xxLuwS60RS.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:36:10 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                            Host: steamcommunity.com
2024-12-23 06:36:11 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                            Date: Mon, 23 Dec 2024 06:36:11 GMT
                                                                                                                                                                                                                                                                            Content-Length: 35121
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Set-Cookie: sessionid=50892755ecab8f36e515b612; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 06:36:11 UTC | 14479 | IN
                                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 06:36:11 UTC | 10097 | IN
                                                                                                                                                                                                                                                                            Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 06:36:11 UTC | 10545 | IN
                                                                                                                                                                                                                                                                            Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 172.67.157.254 | 443 | 360 | C:\Users\user\Desktop\xxLuwS60RS.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 06:36:13 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-23 06:36:13 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                                            Data Ascii: act=life
2024-12-23 06:36:14 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                            Date: Mon, 23 Dec 2024 06:36:13 GMT
                                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=9gdt6gabu72nfbfrnkaadrcs21; expires=Fri, 18 Apr 2025 00:22:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c80dRXkj9z9u6kSqq8aOY%2FWDdO5sKMet9Sg9NFlOmETMY99KH6vqdbaDWLTOAJe1WKXVqWD6s0vIdTnIm0IcJ2G4oU5nMnnmuJsZosIi8WpzBt%2BPkXnswd7NPvRT8sMpXwo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                                            CF-RAY: 8f665608aafb7d26-EWR
                                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1947&min_rtt=1944&rtt_var=736&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1479979&cwnd=205&unsent_bytes=0&cid=8d580d8b162506f8&ts=757&x=0"
2024-12-23 06:36:14 UTC  7  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 06:36:14 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID: 0
Start time: 01:36:04
Start date: 23/12/2024
Path: C:\Users\user\Desktop\xxLuwS60RS.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\xxLuwS60RS.exe"
Imagebase: 0x50000
File size: 1'843'712 bytes
MD5 hash: 2CADC9FDC1B98560776CB3750BBC52AD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true


                                                                                                                                                                                                                                                                              Execution Graph

Execution Coverage: 0.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 25%
Total number of Nodes: 72
Total number of Limit Nodes: 3

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: &K M$&wXy$'sZu$/O_q$Jk"m$e7o9$h? !
                                                                                                                                                                                                                                                                              • API String ID: 0-2986092683

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(00000000), ref: 00058AD2
                                                                                                                                                                                                                                                                                • Part of subcall function 0005C550: CoInitializeEx.COMBASE(00000000,00000002), ref: 0005C564
                                                                                                                                                                                                                                                                                • Part of subcall function 0005B390: FreeLibrary.KERNEL32(00058AB8), ref: 0005B396
                                                                                                                                                                                                                                                                                • Part of subcall function 0005B390: FreeLibrary.KERNEL32 ref: 0005B3B7
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FreeLibrary$ExitInitializeProcess
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3534244204-0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                              control_flow_graph 111 8c1f0-8c222 LdrInitializeThunk
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • LdrInitializeThunk.NTDLL(0008E31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0008C21E
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                              control_flow_graph 221 8c767-8c78f 222 8c790-8c7d6 221->222 222->222 223 8c7d8-8c7e3 222->223 224 8c810-8c813 223->224 225 8c7e5-8c7f3 223->225 226 8c841-8c862 224->226 227 8c800-8c807 225->227 228 8c809-8c80c 227->228 229 8c815-8c81b 227->229 228->227 231 8c80e 228->231 229->226 230 8c81d-8c839 call 8c1f0 229->230 233 8c83e 230->233 231->226 233->226
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ,+*)
                                                                                                                                                                                                                                                                              • API String ID: 0-3529585375
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: o`
                                                                                                                                                                                                                                                                              • API String ID: 0-3993896143

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                              control_flow_graph 109 5c550-5c580 CoInitializeEx
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0005C564
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2538663250-0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 110 5c583-5c5b2 CoInitializeSecurity
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0005C595
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeSecurity
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 640775948-0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 112 8aaa0-8aaac 113 8aab3-8aabe call 8d810 RtlFreeHeap 112->113 114 8aac4-8aac5 112->114 113->114
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?,0008C1D6,?,0005B2E4,00000000,00000001), ref: 0008AABE
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3298025750-0

                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                              control_flow_graph 117 8aa80-8aa97 call 8d810 RtlAllocateHeap
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,?,?,0008C1C0), ref: 0008AA90
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                              • Opcode ID: 4f50457aa93dade0b1dfaa777da24e173bcc378caef79a7108443802704196d3
                                                                                                                                                                                                                                                                              • Instruction ID: 1ba255277b912c8d5525330c093ba9fcc9eabefecf512345a554bb3f4b041f5d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f50457aa93dade0b1dfaa777da24e173bcc378caef79a7108443802704196d3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63C04831045120AADA102B15FC09FCA3B68EF46661F0244A2B544660B2CA61AC928A94
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000), ref: 000A9005
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                              • Opcode ID: 3babf59e6d08caf0f79000953d561aac6cf5f23875764fe5e885bc06fd2623ed
                                                                                                                                                                                                                                                                              • Instruction ID: 1fb31bb84b6900c10dc1d3ffc900c1183479a62dc1abb0fdc0a277e2c8c46541
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3babf59e6d08caf0f79000953d561aac6cf5f23875764fe5e885bc06fd2623ed
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF08CF550C604CFE7246F6CCA8866DBBB0EF59724F108A2CA9D542B84D7310D60DB17
                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 3861434553-0
                                                                                                                                                                                                                                                                              • Opcode ID: 51de1f132c6039a85e2bffb02745562da5d29261b0a2a0966c8546853309dfdd
                                                                                                                                                                                                                                                                              • Instruction ID: 16a1465cb428c076c52e5aa05ab02c8c39c6bbf8eb7ccce9daa4c17dbf4f8277
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51de1f132c6039a85e2bffb02745562da5d29261b0a2a0966c8546853309dfdd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EC0927228A6829BE3488738DF57A267639B7061583023B2AD213E3378CD59AD008D1C
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                                                              • API String ID: 0-2905094782
                                                                                                                                                                                                                                                                              • Opcode ID: 9d3a33e75c5afd6cd70751d607a6d87ca61108756a8488ab5e694b4d924c87e3
                                                                                                                                                                                                                                                                              • Instruction ID: 9e96f8784fc55d8c9ad1b7192ae256a338427c9f8a9e2bedeefec73dbe85eb71
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d3a33e75c5afd6cd70751d607a6d87ca61108756a8488ab5e694b4d924c87e3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 379294B5D05229CBDB64CF59DC987DEBBB1FB84300F2082E9D4596B250DB784A86CF84
Strings
Memory Dump Source
• Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
Similarity
• API ID:
• String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
• API String ID: 0-3225404442
Strings
Memory Dump Source
• Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
Similarity
• API ID:
• String ID: 2Io$6j}$;~Q$>o_=$OEa|$XK7w$bJ_1$cng$f/}Q$,Y@$1{o
• API String ID: 0-2829631212
Strings
Memory Dump Source
• Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
Similarity
• API ID:
• String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
• API String ID: 0-1290103930
Strings
Memory Dump Source
• Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
Similarity
• API ID:
• String ID: (co_$, P$2[~$4<^$E ||$N~_$aae~$b4_$`s[$}gc
• API String ID: 0-4168588793
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ""][$#mdM$*lJ$*ybY$+*$?]jq$SF_$a\5|$u,}|$U^K
                                                                                                                                                                                                                                                                              • API String ID: 0-2998372104
                                                                                                                                                                                                                                                                              • Opcode ID: 7829d00e67dbba623fdfe5cb3790888b08e726022a726754612f25c895b7572a
                                                                                                                                                                                                                                                                              • Instruction ID: ba7f924aa6c5926d59c6bff32cce19807762a3227c024f1323193c47737b83ee
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7829d00e67dbba623fdfe5cb3790888b08e726022a726754612f25c895b7572a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5B206F360C2049FE304AE29DC8567AF7E9EF94720F16893DE6C4C7744EA3598418697
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ![s$1!^N$9{?{$dg$dv}$rV%{$4r;$Nf*$k
                                                                                                                                                                                                                                                                              • API String ID: 0-1994650596
                                                                                                                                                                                                                                                                              • Opcode ID: 23e48bbeb0ef23e59c3e4f69e91b53f3398931bdce7d35ba759a5192aa9cc518
                                                                                                                                                                                                                                                                              • Instruction ID: aaae4fed4ccfc877c1e6b2999e8369f7d3bdd0b37905e0e012f7a1a6bdbdead8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23e48bbeb0ef23e59c3e4f69e91b53f3398931bdce7d35ba759a5192aa9cc518
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19B216F360C2049FE304AE2DEC8567ABBE9EF94720F16893DEAC4C7344E63558058696
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: /G$I$7N1@$A[$Fg)i$OU$WE${\}
                                                                                                                                                                                                                                                                              • API String ID: 0-1763234448
                                                                                                                                                                                                                                                                              • Opcode ID: e9d6b71deb587885cbdc6be86e55e26bf625b53f381a42e9bd1593a8c99d2be8
                                                                                                                                                                                                                                                                              • Instruction ID: 11e11a1979f09a17af199f7e362f43ee2576a29de5ee22cea418c701f95c975a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9d6b71deb587885cbdc6be86e55e26bf625b53f381a42e9bd1593a8c99d2be8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8F1BBB56083409FE3148F65D89266BBBE1FBD2345F04892DF5898B391D7B88906CB87
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 1]_$:;$}JsE$}JsE$AC$E)G$Q?S
                                                                                                                                                                                                                                                                              • API String ID: 0-2463461626
                                                                                                                                                                                                                                                                              • Opcode ID: 80a85434e3810c19bc5a63b1276086e51b09c6dc0a22ec833c55508502d44da4
                                                                                                                                                                                                                                                                              • Instruction ID: 51890443960af97de510149fcca3665d0149257162d3db01b11cc485b58a47d8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80a85434e3810c19bc5a63b1276086e51b09c6dc0a22ec833c55508502d44da4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFD1097665C7544BC324CF2488516AFBBE2EBC2305F1D8A6DE8D68B341D639C909CB83
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 1DT}$2v{_$OO?$S2X`$n6pL$zgVn
                                                                                                                                                                                                                                                                              • API String ID: 0-404944530
                                                                                                                                                                                                                                                                              • Opcode ID: f7eeca547be7381f300e152811c6e28bc5f734f607a7e5e4743c8097ce373717
                                                                                                                                                                                                                                                                              • Instruction ID: 93e9a0cf3d36510a56f964740eb9b2ab8b5ebf755b2e230dc4e76f3cfbe05ed3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7eeca547be7381f300e152811c6e28bc5f734f607a7e5e4743c8097ce373717
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0B216F36082049FE3046E2DEC8577AF7E9EF94720F1A893DEAC4C3744EA7558058696
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: !%]o$+z[;$/eM;$XtM$x?{$w1
                                                                                                                                                                                                                                                                              • API String ID: 0-3118099404
                                                                                                                                                                                                                                                                              • Opcode ID: a891de5592615b85a44bc84905953055a2c4c11a779f1bc69a5c7fbb2a62dc67
                                                                                                                                                                                                                                                                              • Instruction ID: 2cc85ead79d22ba370845c3fc79967f932afdab7befaf58d432eb4490c7f75ee
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a891de5592615b85a44bc84905953055a2c4c11a779f1bc69a5c7fbb2a62dc67
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E9206F360C2149FE304AE2DEC8577ABBE9EF94320F16493DEAC4C7344EA3558458696
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 8MNO$<I2K$NDNK$X$oA&C$~
                                                                                                                                                                                                                                                                              • API String ID: 0-3566962707
                                                                                                                                                                                                                                                                              • Opcode ID: 8243be431150ee27c688303965fcecedc7bdb098924132076716c2c365250c85
                                                                                                                                                                                                                                                                              • Instruction ID: d23c8407f82a3ddcb49ad8207cff5ab6332770783ea9a4766cf15a49e38dbbf6
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8243be431150ee27c688303965fcecedc7bdb098924132076716c2c365250c85
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09F147725087408FD730CF28D8857ABB7E2BF95311F198A2DE4D997252EB349905CB43
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: #4<7$+8=>$PK$Tiec$\$r
                                                                                                                                                                                                                                                                              • API String ID: 0-1906979145
                                                                                                                                                                                                                                                                              • Opcode ID: 990b37a7abeb129c779d1a9f3e1a9b4d2dfd0d979ecbda5d1134608bcac6875b
                                                                                                                                                                                                                                                                              • Instruction ID: e7b780bb445e5a46782851c2e4575fff62b4631af9ac051c46836c915c44ee61
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 990b37a7abeb129c779d1a9f3e1a9b4d2dfd0d979ecbda5d1134608bcac6875b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7D13676A0C3408BC718CF35C8516AFBBE2AFD5314F18992DE8D69B251D734C909CB42
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ZLoN$f2?v$hzX;${'s{$mu?
                                                                                                                                                                                                                                                                              • API String ID: 0-705605246
                                                                                                                                                                                                                                                                              • Opcode ID: 350d91a1bc4253ad2928e9b8980d7969ebf4aab42d25ae56790b29efd74cc633
                                                                                                                                                                                                                                                                              • Instruction ID: d2b29bb65c9b5a0ecff4ba6ea78f6515512a15d7176bebc2452f4042d6193dc2
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 350d91a1bc4253ad2928e9b8980d7969ebf4aab42d25ae56790b29efd74cc633
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DB2E3F260C2009FE314AE29DC8567AFBE5EF94320F16893DEAC4C7744EA3558458B97
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: "$-+$/$hI
                                                                                                                                                                                                                                                                              • API String ID: 0-2772680581
                                                                                                                                                                                                                                                                              • Opcode ID: d55a41adccb4d4be13ef3f0949d1ccee944b614865da4cdbdc45b68bdd1abb0a
                                                                                                                                                                                                                                                                              • Instruction ID: adfe6b72e2aafbdf1b757547c57bac884e551123b723c7c27b4499bffdf7e159
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d55a41adccb4d4be13ef3f0949d1ccee944b614865da4cdbdc45b68bdd1abb0a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D142377550C3818FD721CF24C85066FBBE2AF95314F188A6DE8E95B392DB31990ACB52
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: )G+I$+K M$s0u
                                                                                                                                                                                                                                                                              • API String ID: 0-789121832
                                                                                                                                                                                                                                                                              • Opcode ID: bde50e582d74e7f14f04c101e2315a05120c68b77c0bfbf52740624b96cb5254
                                                                                                                                                                                                                                                                              • Instruction ID: ccfe5a0e816e90f72de703c99219b93d34976aae10151cd3da1126e851ebc05d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bde50e582d74e7f14f04c101e2315a05120c68b77c0bfbf52740624b96cb5254
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A320171A0C381CFE714CF29DC5076FB7E2BB89311F198A6DE89997291D7389905CB82
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ;e=_$M3?o$W^[
                                                                                                                                                                                                                                                                              • API String ID: 0-1768310081
                                                                                                                                                                                                                                                                              • Opcode ID: af1c09af718f99c55224efbe27d2fde46c3cb151a52fe01a89a560a9c7a4292f
                                                                                                                                                                                                                                                                              • Instruction ID: 22a9fea6c81ec456d413979534bea65c691dd3dd08cf202592a00a0805865b67
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af1c09af718f99c55224efbe27d2fde46c3cb151a52fe01a89a560a9c7a4292f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F1E3B3F102144BF3449D7ADC98366B697DBD4320F2B823C9A99D77C4E87E9C0A4285
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: <pr$st$y./
                                                                                                                                                                                                                                                                              • API String ID: 0-3839595785
                                                                                                                                                                                                                                                                              • Opcode ID: d5d33d894b11ae3d86c5c5fb31d469601426fe308cc892a616ba54b2e1f553fd
                                                                                                                                                                                                                                                                              • Instruction ID: 7c3259e7b2054b26c0beec450a3f5aaa542d664cf65c2d36eff2d77a4fa1fdbf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5d33d894b11ae3d86c5c5fb31d469601426fe308cc892a616ba54b2e1f553fd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7C15972E093008BD7689F24C85267BB3E1EFD5314F19C92DE99A97382E638DD05C396
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 34$C]$|F
                                                                                                                                                                                                                                                                              • API String ID: 0-2804560523
                                                                                                                                                                                                                                                                              • Opcode ID: ae38597f3b3d55a54ee608dbca300edca2cd6c5e6666cc59c7aa2255667cd2cc
                                                                                                                                                                                                                                                                              • Instruction ID: c26d38e4a7570215ef684a4387f4612e11f13aeec2cd76eaef454366fc4af997
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae38597f3b3d55a54ee608dbca300edca2cd6c5e6666cc59c7aa2255667cd2cc
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFC101B5A183118BC320CF29C88166BB3F2FF95314F58895DE8D68B390E774DA05C796
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: #XXL$=$BC
                                                                                                                                                                                                                                                                              • API String ID: 0-2546488661
                                                                                                                                                                                                                                                                              • Opcode ID: 07d9af9fc289db4754c8285eab967cc1309a45bc58e4fad38d6eecb2a1948e7e
                                                                                                                                                                                                                                                                              • Instruction ID: 2176554345af73e799cac806936e2a5f44aa81b452921f269f518d1c85c4d909
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07d9af9fc289db4754c8285eab967cc1309a45bc58e4fad38d6eecb2a1948e7e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39C1DCB15083518FE324CF15C8A176BBBE2FF91704F0A8A5DD4C55F2A1EB788905CB92
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID: 1234$oQ3$sQ3
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-3057079318
                                                                                                                                                                                                                                                                              • Opcode ID: eb83df741d72479e374f7c636e25255c0e08f74d83e39b06cf55a7e1120727f1
                                                                                                                                                                                                                                                                              • Instruction ID: 6eadbfe94cba3fe7d8add5a0486f88e37e0ee91a3a870308d020ca8bc5148afc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb83df741d72479e374f7c636e25255c0e08f74d83e39b06cf55a7e1120727f1
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64B13372A083128FC728EE28D89197BB7E2FBD5310F19853CE9D697255E631ED01C782
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: m5{{$DZu
                                                                                                                                                                                                                                                                              • API String ID: 0-1259756362
                                                                                                                                                                                                                                                                              • Opcode ID: 47548a58904a7a73c43df5b4190fadaacc8cbc5e629ab0f2cc52afd395a130c3
                                                                                                                                                                                                                                                                              • Instruction ID: 4e69acb0b3bac8d10ec08402906d6dd31dc07ec9ce007ab2d843f19c66fae467
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47548a58904a7a73c43df5b4190fadaacc8cbc5e629ab0f2cc52afd395a130c3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25A219F360C200AFE7086E2DEC9577ABBE9EF94320F1A453DE6C5C3744EA3558058696
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: +|-~$/pqr$_
                                                                                                                                                                                                                                                                              • API String ID: 0-1379640984
                                                                                                                                                                                                                                                                              • Opcode ID: 58f1c58024866dcfbc5006096a4ec056c642d139e96bd1122ea65ddbce0603cb
                                                                                                                                                                                                                                                                              • Instruction ID: 0a4cfb388af4b6c2fea185a52dbe286ab53064133cda811e641b1b1ca485b40d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58f1c58024866dcfbc5006096a4ec056c642d139e96bd1122ea65ddbce0603cb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE81286571815106CB2CDF3488A33BBBAE79F84308B29D1FED955CFA97E938C2028745
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: gfff$i
                                                                                                                                                                                                                                                                              • API String ID: 0-634403771
                                                                                                                                                                                                                                                                              • Opcode ID: c469abb19f95fffe9e75cc86cd7c9784c62be4db0e06cc795801d992d82351ce
                                                                                                                                                                                                                                                                              • Instruction ID: 7185ac68ffe7b09e534678155f7cbb2f3b172f7781176622afd84f5577e4c08e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c469abb19f95fffe9e75cc86cd7c9784c62be4db0e06cc795801d992d82351ce
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81028972A182118FE724CF68D881BABBBD3FBD1304F19842ED4C9D7296DB749905C792
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: !@$,
                                                                                                                                                                                                                                                                              • API String ID: 0-2321553346
                                                                                                                                                                                                                                                                              • Opcode ID: 4e019a99ad324c10f8291973497c82a33bd3840dcda64f21acf67bad0b9db905
                                                                                                                                                                                                                                                                              • Instruction ID: 37100cc356d413693e36968c3b023ffda7c8169bb376fbe27e1e61cdb521347b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e019a99ad324c10f8291973497c82a33bd3840dcda64f21acf67bad0b9db905
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5942E4B1E042548FDB14CF7CC8853EEBBF1AB45310F188269D899AB3D2D7398945CB96
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 'h$w&e]
                                                                                                                                                                                                                                                                              • API String ID: 0-4033260804
                                                                                                                                                                                                                                                                              • Opcode ID: d093f10a30896e403cdab37078dd2db8c20304a8f795719959b63d8657baaee3
                                                                                                                                                                                                                                                                              • Instruction ID: eaeb8e2c47efac41dfa009c8ad93dc5f673dbf17ab2f806753b2016d283af6bd
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d093f10a30896e403cdab37078dd2db8c20304a8f795719959b63d8657baaee3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCF1ADF3F106104BF3484929DD98366B693EBD4320F2F823D8E9897BC4D87E9D064285
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: )$IEND
                                                                                                                                                                                                                                                                              • API String ID: 0-707183367
                                                                                                                                                                                                                                                                              • Opcode ID: 57f39b6b63f7b05e07794e34f608797a9cd9a81f252c72b9234b19891d5adacd
                                                                                                                                                                                                                                                                              • Instruction ID: 48dba7263346083ad88cf7a8410afab279e1e285cae06b50d900e2e58502af38
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57f39b6b63f7b05e07794e34f608797a9cd9a81f252c72b9234b19891d5adacd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71D1BBB19083449FD720CF18D84579FBBE4AB94308F14892DFD999B382E775D948CB92
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: d$d
                                                                                                                                                                                                                                                                              • API String ID: 0-195624457
                                                                                                                                                                                                                                                                              • Opcode ID: 4ab4043503ac16e7987095fc7b4ae6da0c25e6dd3876d21cd62370aac0876431
                                                                                                                                                                                                                                                                              • Instruction ID: 5e75dcbea0c805fef3c2659d4b92789c7b80ac07b1d9be7a6c0929e16ce607ea
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ab4043503ac16e7987095fc7b4ae6da0c25e6dd3876d21cd62370aac0876431
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65512B329083108BD315CF28D85066FB7D2BBCA715F198A6DE8C9A7261D73A9D05CB87
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: P<?$P<?
                                                                                                                                                                                                                                                                              • API String ID: 0-3449142988
                                                                                                                                                                                                                                                                              • Opcode ID: 49b80b66a3f8d3a1776fe03428ed165b74b39611f5cf684a7220aabc14a988ea
                                                                                                                                                                                                                                                                              • Instruction ID: 078d8424acfed9e31de9f4308c079558cb344f63c15f60bcfcd8c3664c836415
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49b80b66a3f8d3a1776fe03428ed165b74b39611f5cf684a7220aabc14a988ea
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA314976A44710EFD7708F98C880BBEB7E3B789300F58C92EE5C9A3111DA7058408797
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: "51s
                                                                                                                                                                                                                                                                              • API String ID: 0-110016742
                                                                                                                                                                                                                                                                              • Opcode ID: c6f2793dc98ae22231ef2dee8244b3010fddbef70d9801abe01c3db48c0cec99
                                                                                                                                                                                                                                                                              • Instruction ID: 55abb85e4a978a563db6d8867b352a939cee5732dc46b4189d722fd123049b9d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c6f2793dc98ae22231ef2dee8244b3010fddbef70d9801abe01c3db48c0cec99
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C320536E00616CBCB28CF68C8915EEB3B2FF89311B59C46DD486AB364DB795D42CB44
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-1993550816
                                                                                                                                                                                                                                                                              • Opcode ID: ef2c8a61cf7a77bbf29b6d2c4e81003d03b1da80028aae3749f0d295e932c336
                                                                                                                                                                                                                                                                              • Instruction ID: 4cb33d62922ec9a45210081678cc6cbd40bc4028adedf79a1044780df2dc37af
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef2c8a61cf7a77bbf29b6d2c4e81003d03b1da80028aae3749f0d295e932c336
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C12E3306083418FD714DF28D881A6FBBE1BB89314F248A2DE4D5973A2D735DD05CB92
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: vn
                                                                                                                                                                                                                                                                              • API String ID: 0-1111591020
                                                                                                                                                                                                                                                                              • Opcode ID: 5055b88df1529cc23bc92b9d529163a06016e428d16538fa6157639951414810
                                                                                                                                                                                                                                                                              • Instruction ID: 284e8f4cbc4a2a48739166f5c88671ed78cf92cd64e0e67ae670514b408810ed
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5055b88df1529cc23bc92b9d529163a06016e428d16538fa6157639951414810
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9029EF3F106208BF3144D29DC98366B693EBD4320F2F863D9A98A77C4E97E9C454685
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: RCos
                                                                                                                                                                                                                                                                              • API String ID: 0-435518530
                                                                                                                                                                                                                                                                              • Opcode ID: a2fa230842ca80612b998aeafff1c0f51fcc46ebba99a42aa368e30a938b2a2a
                                                                                                                                                                                                                                                                              • Instruction ID: c53632aed860b86bfd3d0eae65f1aa96cae91d43c4892416d6879213893b9405
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2fa230842ca80612b998aeafff1c0f51fcc46ebba99a42aa368e30a938b2a2a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD02C1B3F142248BF3145D39CC88366B6D2EB98320F2F463D9A89A77C5E93E9C055785
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 3}zw
                                                                                                                                                                                                                                                                              • API String ID: 0-2218919603
                                                                                                                                                                                                                                                                              • Opcode ID: 6720e7ec080c545c9f3c0dab5336eb8e2085404193104adf0e9fb3e8fee0f942
                                                                                                                                                                                                                                                                              • Instruction ID: adbe13807dcc76ea6364222b7fac8128561b11a23dc936d138e5b550a7074747
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6720e7ec080c545c9f3c0dab5336eb8e2085404193104adf0e9fb3e8fee0f942
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6202F2F3E106104BF3084939DD59366B693DBD4720F2F823D9B99A7BC5E87E9C054285
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID: /,-
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-1700940157
                                                                                                                                                                                                                                                                              • Opcode ID: dacfdf887301a9a7e6850141e2be048101b4df7be18341ae71bb705637f689c4
                                                                                                                                                                                                                                                                              • Instruction ID: 87f2d5ea1ffbe39c547e71c848de146af3de5a078ff249571c0ab021b7560feb
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dacfdf887301a9a7e6850141e2be048101b4df7be18341ae71bb705637f689c4
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2B168717083009BE764AE2488C167BB7E2FBC2724F58C92DE5C557296DF31EC068792
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: zW?
                                                                                                                                                                                                                                                                              • API String ID: 0-911968596
                                                                                                                                                                                                                                                                              • Opcode ID: 0751b2ba094ccde931a370fcb82df94e72712ba06f348869c74f5483aeb2b5ab
                                                                                                                                                                                                                                                                              • Instruction ID: 2c948003409f097d08e1802f2189b5488609349519317213f03c99ae37a1e5e4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0751b2ba094ccde931a370fcb82df94e72712ba06f348869c74f5483aeb2b5ab
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56C1D1B3E142248BF3544E29DC94366B792EB94320F2F853D9A88AB7C4E97E5C058785
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID: i
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-3865851505
                                                                                                                                                                                                                                                                              • Opcode ID: d1981f226350df74c9d1f4f9ce7b94fdf90e407655fe4df7e96ea90643386e84
                                                                                                                                                                                                                                                                              • Instruction ID: 464c79cfba75e595fad059a8acd2aebd40c4b7fa52f82a9efef9ba0fbab11d42
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1981f226350df74c9d1f4f9ce7b94fdf90e407655fe4df7e96ea90643386e84
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC81887291C751CFD320CF68D8806AFBBE3BBA2314F19495ED8C997252C7389946C792
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: ,[AZ
                                                                                                                                                                                                                                                                              • API String ID: 0-3382036581
                                                                                                                                                                                                                                                                              • Opcode ID: 127d82735184293f0832aa104777cb0bf7bf74f9fb3192f47a51a5761d17aacf
                                                                                                                                                                                                                                                                              • Instruction ID: b42d95140673568207b0de8fbcf793e411461bcc753c5ac7edbd957c54020612
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 127d82735184293f0832aa104777cb0bf7bf74f9fb3192f47a51a5761d17aacf
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95A1B0B3F1062447F3644D29DC983A26283DB95321F2F82798F5DABBC5E87E5C0A5384
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                                              • API String ID: 0-248832578
                                                                                                                                                                                                                                                                              • Opcode ID: eb9e8fb7a902fdb3d90d805a2ff8d6d6f562e307e2af103b44c53f0f19cfdb66
                                                                                                                                                                                                                                                                              • Instruction ID: b127dc49ed5e95f670f7d16447faf522fa57072bb1cb91b5d1e805605f171d55
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb9e8fb7a902fdb3d90d805a2ff8d6d6f562e307e2af103b44c53f0f19cfdb66
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C914A71E083524BC721CE2DC88425BB7E5AB81362F58CA69DCD5E73A1EE34DD498BC1
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: k?d
                                                                                                                                                                                                                                                                              • API String ID: 0-3501399020
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: 4s
                                                                                                                                                                                                                                                                              • API String ID: 0-985047779
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: #
                                                                                                                                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: N
                                                                                                                                                                                                                                                                              • API String ID: 0-1130791706
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: klm
                                                                                                                                                                                                                                                                              • API String ID: 0-3800403225
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: _
                                                                                                                                                                                                                                                                              • API String ID: 0-701932520
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: pF
                                                                                                                                                                                                                                                                              • API String ID: 0-4112324664
                                                                                                                                                                                                                                                                              • Opcode ID: 0f02625657580f1287757df776de7f0c5486b3057b28573833ebd663770224f9
                                                                                                                                                                                                                                                                              • Instruction ID: fec5eea952752783af77a45295391d5b37426478f3410d4be4d06f063f98d3a2
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f02625657580f1287757df776de7f0c5486b3057b28573833ebd663770224f9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E51D572E442698BDB28CE69DC513DEB7B2FB84304F1580BDC95AEB284CB3449468F81
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: n*{
                                                                                                                                                                                                                                                                              • API String ID: 0-3740231726
                                                                                                                                                                                                                                                                              • Opcode ID: 97745c33cd075a26fb09fb4238b2f17bd549d3b89e4555c3b53602a80eadcee6
                                                                                                                                                                                                                                                                              • Instruction ID: cce1d0cb475e1f4f7f24124f678f95079a67d5e4690200a1324b4a6d3695a284
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97745c33cd075a26fb09fb4238b2f17bd549d3b89e4555c3b53602a80eadcee6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2551D6F3B085005FF3085919EC8576BB2DBDBD4320F2B423EE698C3780E9799D024696
                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID: I
                                                                                                                                                                                                                                                                              • API String ID: 0-3707901625
                                                                                                                                                                                                                                                                              • Opcode ID: f3ed29bb4287fcee940b18825c9a58a33de4c2ef70c4ec8464b1b2634c273299
                                                                                                                                                                                                                                                                              • Instruction ID: 3d589e79c91428a923b964186d1783b36810029b3d38048e502bad4c85a32aac
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3ed29bb4287fcee940b18825c9a58a33de4c2ef70c4ec8464b1b2634c273299
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37515AF3F2152547F3984839CD583A265839BE5311F2F82798F4CAB7C5D87E9C4A5288
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: ffef1292d1f1d317542a4d8b219759453085d12b822f7abf98aaadda4f7ffea3
                                                                                                                                                                                                                                                                              • Instruction ID: 16eaa8a4e7ae5aabd82a4d345c31b6cea4d0ed76a23162c8926fd0c3b392e97b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffef1292d1f1d317542a4d8b219759453085d12b822f7abf98aaadda4f7ffea3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44425776A08351CBD724CF29C8907ABB7E2FFC5310F19892DE4C59B251DB399845CB92
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: fac405b28fc46092712319b3f7c15f12462e2dabf4e678801b902abc1144d186
                                                                                                                                                                                                                                                                              • Instruction ID: 4e2a668fca11e8365628527fdb03d31dd17d59872746bb05285b75af939ead6c
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fac405b28fc46092712319b3f7c15f12462e2dabf4e678801b902abc1144d186
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE52C370A08B849FF771CB24C4843A7BBE1AB91315F544C2DD9DA47B82C37AA98DCB15
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                                              • Instruction ID: d1084232e2a09afabfc398f8e74000cb0ce88572526a9c3e9dd4946e0c3a217e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE12B531A0C7118BC735DF18E8806ABB3E1FFC4316F19892DD9CA97285D734A859DB42
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: c0706b081037f64b05bb0e2da229532f817c94dcd5fb6d9120b5f44e81cfa005
                                                                                                                                                                                                                                                                              • Instruction ID: e9b51e1b3a64a37926bcdb1f372d15b0721b8f479bd881dc2f32cc52a2a73f70
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0706b081037f64b05bb0e2da229532f817c94dcd5fb6d9120b5f44e81cfa005
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B121232A29215CFDB08DF28E8905AAB3F2FF89310F19847ED58A97351D734AD51CB84
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 08118dacbd9b6339082492c6b56a9bbbd867f299acba9973888722abe57b0abd
                                                                                                                                                                                                                                                                              • Instruction ID: c1dcb367c025a3cb737e2ca4ac3b0c9d9886aa473cf9d9852e3847b424af4a44
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08118dacbd9b6339082492c6b56a9bbbd867f299acba9973888722abe57b0abd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D32C775A04B408FD724DF38D4953ABBBE2AF55310F188A6DD8EB87392E635E505CB02
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.2175861442.0000000000050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000093000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175925900.00000000000A2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000030A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000330000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000338000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000346000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176199995.0000000000347000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176315617.00000000004E0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 5a94d6755bbfad701d37221524e5505d7a3aad2ed2f6cba8bf5e43e77952f69a
                                                                                                                                                                                                                                                                              • Instruction ID: 0c3c21ddcb48a37a442a1cc077b6de85efd9d48ef6218f6189eaf415edefe49a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a94d6755bbfad701d37221524e5505d7a3aad2ed2f6cba8bf5e43e77952f69a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4322070914B108FC378CF29C59456BBBF1BF45751BA04A2EDAA787A90D736F988CB10
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b4f463d7e8920e053de1ca9eba8078269b124df4b03af613600d994de2c3e9bb
                                                                                                                                                                                                                                                                              • Instruction ID: cda1874e37a22e383546dd64b791035c2ae5f857746b7bf50af690f1208a9fcf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4f463d7e8920e053de1ca9eba8078269b124df4b03af613600d994de2c3e9bb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85022771A083128BC724CF28C4916ABB7F2EFE5350F19992DE8C99B351E738D945C786
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: d0753fd90280e0b0a5b5ff92bb9a94ca9276694065c0e2332d9b65cb4575b1ec
                                                                                                                                                                                                                                                                              • Instruction ID: 49ae427b6e397e5f797a08a0bd7a227b42a8259b563e581ad47979802899fa06
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0753fd90280e0b0a5b5ff92bb9a94ca9276694065c0e2332d9b65cb4575b1ec
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCF116B1E003258BCF24CF58C8516ABB7B2FF45310F198159D89AAF355E7389C42CB94
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                              • Opcode ID: b3ede5f1f929e68b4fc3ff28e2748828b0c9bfbd176f6b6519344f36fd404b02
                                                                                                                                                                                                                                                                              • Instruction ID: 7b61406c0ded7236b6e2ea7352bb969f6af2f3654fc2a6dc6be670298970eee0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3ede5f1f929e68b4fc3ff28e2748828b0c9bfbd176f6b6519344f36fd404b02
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4B14C71E047015BEB58CE28C8526AB77D6EB81304F19C53DE88B9B386D63EDC09C796
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 5e06d10485c6e486e8e88afa6185cf6dc6350d57a338ef97ca71974b52e206ce
                                                                                                                                                                                                                                                                              • Instruction ID: 2a5314dffb671bf70f47a6403468dbcb29a0020fe5ae58fd5c926f6679a83c4b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e06d10485c6e486e8e88afa6185cf6dc6350d57a338ef97ca71974b52e206ce
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECE1BAB3F105214BF3584938CD683A266839BD5324F2F8279CE9DAB7C5DD7E9C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                              • Opcode ID: bee70131cd705a4800fff0e37aa81380182e828fe91ed4663ef842a812f56f61
                                                                                                                                                                                                                                                                              • Instruction ID: 8b3d8044d3ffa56599d826cb1ee22d986315ee0dc3b86ef506c6e6d51aa6083b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bee70131cd705a4800fff0e37aa81380182e828fe91ed4663ef842a812f56f61
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04C134726083419FD724CF68D881BAFB7E2FB95310F18892EE4C5D7292DB359845CB92
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 9042790f78f4142cd1c1cf19203b7b11455fa9df20b621645c02a709dd8501bd
                                                                                                                                                                                                                                                                              • Instruction ID: 3ad4d99d861882003203745aa784154446a3ffc50219c78dbbe60263f9166da5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9042790f78f4142cd1c1cf19203b7b11455fa9df20b621645c02a709dd8501bd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35D1DFB3E002248BF3145D28DC983B6B692DB95310F2F823D8E89AB7C5E97E5C495785
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 875c5c436b3672c32fb46f330a6525c1221ec5660d3ef3bdec49d47cd96577df
                                                                                                                                                                                                                                                                              • Instruction ID: 863c0e810d630b7fbf124db2f2909e0c1f9e94b22ca629ef6a51e25486ccf3c1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 875c5c436b3672c32fb46f330a6525c1221ec5660d3ef3bdec49d47cd96577df
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DC1CDF3F152214BF3545E29DC85366B693EBD4320F2F823D9A88977C4E97E9C0A4285
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: eed8223e8484701c1b4b524fb4992e9cdb9f8ddb1ddf746ad9a4858e1044ad03
                                                                                                                                                                                                                                                                              • Instruction ID: 62c22d3ec98ccf6b5cf114edb52deca8c8a72c894e1bdfb42cd5dfc04bd4884e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eed8223e8484701c1b4b524fb4992e9cdb9f8ddb1ddf746ad9a4858e1044ad03
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EC18BF3F506214BF3580969DC683A26583DB95324F2F82798F4DAB7C5D87E9C0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 81674b0aca10324fc2ab8f2f9218e24f2f5e858dddf892edf45ee4baeb066998
                                                                                                                                                                                                                                                                              • Instruction ID: d0d97535050a556f8a59d4bed56e99d1e5c99c0f20c1521f1f3e341629f499cc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81674b0aca10324fc2ab8f2f9218e24f2f5e858dddf892edf45ee4baeb066998
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11C1CAB7F215254BF3584938CC583A266839BE4320F3F827D8A5DAB7C5E97E5C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b60d67b8f5a154f731423484201c541d5fbea6482f3cce6ac098de30efbb65e2
                                                                                                                                                                                                                                                                              • Instruction ID: dcc8fa0a1670e9cdc545f35bcb1dba1e45fb37193a3b35e81cd4b0bfe7155734
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b60d67b8f5a154f731423484201c541d5fbea6482f3cce6ac098de30efbb65e2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12C19FF3F216254BF3544828DC683A22583DBE5325F2F82788F59AB7C5E87E9D095384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                              • Opcode ID: e7c7dc84f3fe9fbd700bf9d232a5b180cc4484068965d89c6950d7e818c9f804
                                                                                                                                                                                                                                                                              • Instruction ID: 69f8ab6e579d259b5bd926df2cf5dda48e8909726ba8e8a67614d40001365a68
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7c7dc84f3fe9fbd700bf9d232a5b180cc4484068965d89c6950d7e818c9f804
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9B1F236A187128BC724EF28D88057AB7E2FBD9700F19853DEAC697365EB319C51C781
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 63d2f020742686e52d7626192c7a63a1c25a50f8e287239cd019e5cdd8845441
                                                                                                                                                                                                                                                                              • Instruction ID: 88ad110af2f7cdf66665cda870811e56b3d157b2180a889b1803007eb9c582f7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63d2f020742686e52d7626192c7a63a1c25a50f8e287239cd019e5cdd8845441
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FB11776E00215CBDB14CFA9C8A16BEB7B2FF89311F58C16DD446AB355DB396842CB80
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f35b6fc0b8ffb4107713cc02046e6b03e78451ec601686cd926ea45abaf40992
                                                                                                                                                                                                                                                                              • Instruction ID: 04de69c20335eb9de8d8ff899720239ef547b00eebc010a04cb4e76145e7b370
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f35b6fc0b8ffb4107713cc02046e6b03e78451ec601686cd926ea45abaf40992
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55B18AF3F1162047F3584869CCA83A2658397D5324F2F82798F6DAB7D5DCBE9C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b13e96644e4a857f05bb0e6c5a2358d8b4517f9a33a72905c2ed4901ec1001ec
                                                                                                                                                                                                                                                                              • Instruction ID: 641dfe12a8b7331827a1f0b0b9a5caf5310e37ba499e644984c31929667dc678
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b13e96644e4a857f05bb0e6c5a2358d8b4517f9a33a72905c2ed4901ec1001ec
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2C19CF3F2152147F3944929CD583A26683DBD1321F2F82788F9CABBC5D87E9D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4a1271e3f539cb30531f99e3328c35dd7ce7e8ed660a56789484719d2a9ae2aa
                                                                                                                                                                                                                                                                              • Instruction ID: 2de97c7348177905a0f2c7c735b234ea304fe3f4ddc8a6e7a748a9304d4d7ccf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a1271e3f539cb30531f99e3328c35dd7ce7e8ed660a56789484719d2a9ae2aa
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BB1A0B3F1062547F3544978CDA83A266839BD5324F2F82398E5CABBC5DC7E9C0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4adb23697d5100de7ef1b52f312a687e3b680044e17639f1b213905ea146ff8c
                                                                                                                                                                                                                                                                              • Instruction ID: e455cb815a9afc70e2e9930c4615b9c0e462eecd0b0dd9f8d5efb30c0e25aff0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4adb23697d5100de7ef1b52f312a687e3b680044e17639f1b213905ea146ff8c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 809128B2A043119BD7249F24CC91B7BB3F5EF91314F05981CE98A9B381E779E904C75A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 3b49144afa7ddace54ebbc6e152ba6d8ca3f9cafa86af9610ab8bd6fa182aa53
                                                                                                                                                                                                                                                                              • Instruction ID: 7dbac64400f21850dd632c0acf9d3d90a9d748f04e51d6b8398c74a2bbc963c4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b49144afa7ddace54ebbc6e152ba6d8ca3f9cafa86af9610ab8bd6fa182aa53
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58B1CEF3F1022547F3584938DD983622683DB95324F2F42388E59AB7C6EC7E9C0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 080e41dd47142c8f469a50d95f23015b2ccd94f47124d4a727a3e56dd505b48a
                                                                                                                                                                                                                                                                              • Instruction ID: da924bf38cd2191de20f387ce119c970e130b36624e3d835f8627ad81e733931
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 080e41dd47142c8f469a50d95f23015b2ccd94f47124d4a727a3e56dd505b48a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87B1EFB3F2152547F3584978CC693A22683DBD4311F2F82398F1DABBC9D87E9C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              • Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                                                              • Instruction ID: 3245d82be9386013953c473d5b77e21fbf45219dd5445e16be515d175006af05
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64C16BB29087418FC370CF28DC96BABB7E1BB85319F48492DD5D9C7242E778A159CB05
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 8ff34d4ff043d865756d933d46d0f1a003a2c601a53c1a895c04e6f20366ceb9
                                                                                                                                                                                                                                                                              • Instruction ID: 211c9ecc668761ed94a1a5d9a8d90e7db268f11437951bcdd08c69525439976b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ff34d4ff043d865756d933d46d0f1a003a2c601a53c1a895c04e6f20366ceb9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9B14BF3F216244BF3944978DD9836265839B94325F2F82788F9CAB7C9D87E5D0A42C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 80fd692e3d4c597597c3bb49786a62e397f54dc788efa7300fbc0a4e1646614e
                                                                                                                                                                                                                                                                              • Instruction ID: 1a20e801b3697b5b7ae3b3aaf7c128dc29c46c69aae9a326bc756e40cdfba394
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80fd692e3d4c597597c3bb49786a62e397f54dc788efa7300fbc0a4e1646614e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3A17CB3F206254BF3580C39CD983A266839B95320F2F427D8E6DAB7C5D87E5D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 1a2076c4f29069c2e36a199de8889501a2e996613bfeefc301d976c8efc2b988
                                                                                                                                                                                                                                                                              • Instruction ID: 5877d94a1713f75eb92e725b2a6169554398736d98251bc6d417389cc50cb56b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a2076c4f29069c2e36a199de8889501a2e996613bfeefc301d976c8efc2b988
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CA17AB3F1152547F3684938CC683A666839BD0324F3F823D8E5A6BBC9D87F9D465280
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0ab6fd97f6b39dae974e2c0b67302e188d47d2687181dc5c1d263d08e04c2213
                                                                                                                                                                                                                                                                              • Instruction ID: f0cb34f5505029645c1300e66f0f83028d4cb685f893a71b09eb94097e92ee4b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ab6fd97f6b39dae974e2c0b67302e188d47d2687181dc5c1d263d08e04c2213
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F915E72A5470A4BC714DE6CDC9466E76D2ABC4210F0DC23CE8968B3C2EF78AD0987C5
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 684153fb79f91d23c583703de329faa37508f941723925b799baec31e0252d90
                                                                                                                                                                                                                                                                              • Instruction ID: 544c35e7793fa2a5174017ff92962dafb7e2f486206e1bc1f972530d2ac9675f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 684153fb79f91d23c583703de329faa37508f941723925b799baec31e0252d90
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEA1B8B3F002258BF3644968CC983A276839B91324F2F82798E8D6B7C5D97F5D099384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e2012b91987a7032620b77ce0e517695b2455ff9b3c17a6eac8d151c0841c5fe
                                                                                                                                                                                                                                                                              • Instruction ID: 1cd46cad88e42f6b6de801e5bdca2e50d5fdca824ec8b6abab976cf0370c3297
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2012b91987a7032620b77ce0e517695b2455ff9b3c17a6eac8d151c0841c5fe
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58A18DF3F1122547F3544939CDA83A26683DBD1314F2F82788F59ABBC5E87E9D095284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 6dad578b99bc288ba705ea172001489cde78a1c3466fe18748c0b1824f1b1f80
                                                                                                                                                                                                                                                                              • Instruction ID: 23ddb402a36c5c998fe8574b27026bc6c5aa0751615b54c81b887250b2a8129d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6dad578b99bc288ba705ea172001489cde78a1c3466fe18748c0b1824f1b1f80
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDA19CB3F115154BF3544938CD583626A83DBD5321F2F82788A9CABBC9DD3E9D0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 1e5b1b5c55a8ced97482d176575b5e236e42ac0c6bc9098c4fccfca904cd9730
                                                                                                                                                                                                                                                                              • Instruction ID: f0fc11245efba0f94953e806fbc60bdb04c0845c48c38ff01c1927ab29c727dd
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e5b1b5c55a8ced97482d176575b5e236e42ac0c6bc9098c4fccfca904cd9730
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11A159F3F1162147F3948879CD583A265839BD5321F2F82798E5CABBC9DC7E8D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.2175861442.0000000000050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000093000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175925900.00000000000A2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000030A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000330000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000338000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000346000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176199995.0000000000347000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176315617.00000000004E0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: a286d2dfea465be3a1cb3a80bc184129dc4862e33ddb4ecc02b4741c21d8ffa7
                                                                                                                                                                                                                                                                              • Instruction ID: 3fe1c1b8360170b4e8ef94f16d63474d464ad6e4b13554d2e6a1b617370e655b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a286d2dfea465be3a1cb3a80bc184129dc4862e33ddb4ecc02b4741c21d8ffa7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55A15BB3F116254BF3544968CD993A22583DBD5325F2F81798F8CAB7CAD8BE5C0A1384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 6897703b08c0a2d784b66c4e4dcd50a3018943a2e2db3d0daf19fca31c1f3394
                                                                                                                                                                                                                                                                              • Instruction ID: 004a6cdeaffc2aab04577fec51d0716fe7ef4c0aec5fec3ac3868f886dbfea5a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6897703b08c0a2d784b66c4e4dcd50a3018943a2e2db3d0daf19fca31c1f3394
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08A19BB3F106254BF3544D39DD983627683DB95314F2F82788E4CABBC9E87E9D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: f30d7672afc7898daea20e89a54da1cb0d71797725fe95d096338115b3f1a5e0
                                                                                                                                                                                                                                                                              • Instruction ID: 1183d93e315ac259ab7cb7d6c3666466de733848fafcd737bd4c7c0806bfe681
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f30d7672afc7898daea20e89a54da1cb0d71797725fe95d096338115b3f1a5e0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76A1C3B3F102258BF3544D28CC983627693DB95320F2F82388E69AB7C5D97E9D195384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 90494428b6a0453c60a33bf62ab6ca24bf2638f7a5a9d81090f8fec1c1665693
                                                                                                                                                                                                                                                                              • Instruction ID: af822663b6dfaa72a5b357ff158327a27c21cbcda9c420c04451138a225e849b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90494428b6a0453c60a33bf62ab6ca24bf2638f7a5a9d81090f8fec1c1665693
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93A1CEB3F112258BF3104928CC983A276939BDA311F2F42798A5C6B7C5D97F6D099384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 7a63683913a5a290cbe947ffdcfedddccd7d5483eaac111f08bdcb3c678d4b3b
                                                                                                                                                                                                                                                                              • Instruction ID: 23b570f2cf2fe9cc62b9475c9d512b74c97437585c59e6cb93a72613ee1c0a3f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a63683913a5a290cbe947ffdcfedddccd7d5483eaac111f08bdcb3c678d4b3b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8A199B3F1153587F3644A28CC983A2B6929B95321F2F82798E5C7BBC4D97E6C0953C0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 97e8a4f403022400e593315165379e434aabf8ecbaaa2c39c4518c9f9655c7bd
                                                                                                                                                                                                                                                                              • Instruction ID: 1a2e63134042cb45dfedb7984dff5c3bce379b1bc0e29f47513e9d145740d6d5
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97e8a4f403022400e593315165379e434aabf8ecbaaa2c39c4518c9f9655c7bd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57A1A0B3F1162547F3544839CC583A26683DBE5325F2F82788E5CABBC9D87E9D0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: a22bd53bd8a9723fa8982f1585ad0042c7f0a76119b878dc6fcb659aeb888bf2
                                                                                                                                                                                                                                                                              • Instruction ID: b8319fef6c46ba0aa1be537ba1aecec90e147eb95266329321a16a42ac380411
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a22bd53bd8a9723fa8982f1585ad0042c7f0a76119b878dc6fcb659aeb888bf2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DBA19BB3F116254BF3644D68DC983A26283DBD5324F2F42798E5CAB7C1D9BE9C0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 62cb5e3bb4b10081db9ef2fb61106f3ae9d6594bc439e35a2e2dc43b060caf66
                                                                                                                                                                                                                                                                              • Instruction ID: 28737eb6b216724fb283ac8f19a40159458ab3441d7d6e7b9bd9b9c4d29e75cd
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62cb5e3bb4b10081db9ef2fb61106f3ae9d6594bc439e35a2e2dc43b060caf66
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0A1CCB7F002254BF3500D28DC983A27283DB95314F2F82798E996BBD5D97FAC0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b41bac86ddec6911f06aa1011ad756b3ed8d8e2866789af4f974139e7147d627
                                                                                                                                                                                                                                                                              • Instruction ID: 67239c39fa12b30bfcb2f72874c8310d62d3bd90dc8bc01ef3566702942da8f1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b41bac86ddec6911f06aa1011ad756b3ed8d8e2866789af4f974139e7147d627
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7A18CB3F4162547F3604969DC88392B693DB95320F2F82788E5C6BBCAD97E5D0A43C4
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: db397c5d5bdc874a6a640f924e366197f8a1874de5c8e8a129b411bf85196239
                                                                                                                                                                                                                                                                              • Instruction ID: ea166a221d39444ee7f1bd2c79435490ec9d806fa9b47bd9a648bebb31ca289f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db397c5d5bdc874a6a640f924e366197f8a1874de5c8e8a129b411bf85196239
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4A176B3F116254BF3A44965CC983A27283EB91325F2F81798F4C6B7C5D97E6C0A5388
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 1c54ef8310939c2e873b4637027afdd53bfdfdae5e716be7511cc826eeffb14e
                                                                                                                                                                                                                                                                              • Instruction ID: feeac8b639281a09954015c48d5d3661b4be2303e7f6ca5d33ac473afa77f782
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c54ef8310939c2e873b4637027afdd53bfdfdae5e716be7511cc826eeffb14e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47A1AAB7F106244BF3A44978CD983627683DB95320F2F82788E5C6B7C5E97E6C0A5384
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0c272e3555414b3bad33bb59323c527a1a01bc9354065adf6f05518509072654
                                                                                                                                                                                                                                                                              • Instruction ID: 868059c53463ff2d7fcf8f964a3596e041a2bb54bc32d1b8231045da6c2274c8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c272e3555414b3bad33bb59323c527a1a01bc9354065adf6f05518509072654
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40A1C0B3F1162587F3540D28CC983A2B693DBD5310F2F82398E196B7C5E97E9C1A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.2175861442.0000000000050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000093000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175925900.00000000000A2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000030A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000330000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000338000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000346000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176199995.0000000000347000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176315617.00000000004E0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 57652efac398698e215b4b6a6b523932d618266abbd4f56e5f85812a17a7ce68
                                                                                                                                                                                                                                                                              • Instruction ID: 45483e9d9da053b2a53f04f4b2f3a92c63483d2300142883711111b8b18dc9e3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57652efac398698e215b4b6a6b523932d618266abbd4f56e5f85812a17a7ce68
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 439197B3F112218BF3544D29CC583A27683DB94320F2F42798E49AB7C5D87EAC4A5384
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 8fd9a13db53b305e82620e0b0d08ba35d660b85e83f29bb3d980c6edd3a58865
                                                                                                                                                                                                                                                                              • Instruction ID: 53987e11f050831af8f7d58be0ff870cc9bbdf16242dafa2c4da471fcc5d58bc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8fd9a13db53b305e82620e0b0d08ba35d660b85e83f29bb3d980c6edd3a58865
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2918AF3F116254BF3984878CCA8362668397E5324F2F82788F5DAB7C5D87E5C0A1284
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 37a996997781c9edce082e93296babca2b1954b0449c514672fdcdb1ef253f96
                                                                                                                                                                                                                                                                              • Instruction ID: 21d43375fc26a3699a222ad001ba6763c116f795f263c5c0955724707e5f524a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37a996997781c9edce082e93296babca2b1954b0449c514672fdcdb1ef253f96
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8491ADB3F106254BF3544D79DC983A27683DB95320F2F42788E9CAB7C6D97E9C0A5284
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 8508138ffbe03e11c3ded46d4331adf7090daa49216b82293facc5f0dd137c99
                                                                                                                                                                                                                                                                              • Instruction ID: 4dbff69c2fcd6f7fb04dcd98e8e8089e5ebf88c925bd701aae13f6f9f772f252
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8508138ffbe03e11c3ded46d4331adf7090daa49216b82293facc5f0dd137c99
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F918AB3E1122587F3944929CC98362B293EBD5320F3F41798E5CAB7C5D93E9C1A5784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 40eb9a12ab8a4a3283f9866bc490ea4acb67a55823c420b9979195c901d7f66c
                                                                                                                                                                                                                                                                              • Instruction ID: 470b158548766c1536e6568931c52ee259ee789ea20136e86fc63b4977a8f2be
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40eb9a12ab8a4a3283f9866bc490ea4acb67a55823c420b9979195c901d7f66c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F991ADB3F106254BF3504D68CC883627683D795321F2F42788E5CAB7D5D97EAD0A5388
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f940c32c9ebbd24cd00cff02e91ca33c6a8fcc8be48c99f78a033e8eae90e706
                                                                                                                                                                                                                                                                              • Instruction ID: 8623115683afaa561163059ee0af2ce2e216f36281fb29167eb0db2475f81844
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f940c32c9ebbd24cd00cff02e91ca33c6a8fcc8be48c99f78a033e8eae90e706
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD919BB3F1112547F3644929CC983A272839BD5320F2F82798E9CAB7C5D97E9D1A53C8
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: bb326b92044459faa0c6bfb1e42c0884bfff5c263bc1e9ea6aa7f2bc98fb1ac3
                                                                                                                                                                                                                                                                              • Instruction ID: 3519855773dfd917be3099af0414b072ceb9e708ac6f8c20e954298a5de38b71
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb326b92044459faa0c6bfb1e42c0884bfff5c263bc1e9ea6aa7f2bc98fb1ac3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06919CB3F116354BF3944968CCA83A26293DB95325F2F82788E1C6B7C5E97E1D0953C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 867286b11c5ed252e38de4135281dcd8e3fb7593ec402b9c464ae14af7e473b9
                                                                                                                                                                                                                                                                              • Instruction ID: c3b9501d7b01bf47e90bbc417db1e67691cfbfc45c8cce00048c16adb2b12fc1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 867286b11c5ed252e38de4135281dcd8e3fb7593ec402b9c464ae14af7e473b9
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF919CB3F506254BF3544969CC983A27693DBD5310F2F81788E19AB7C5E87EAC0A6284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e0ff14fe768b2d0b6b3d5b5dc6cb94d4e68036e1285c1c8010bbe9652abc35ea
                                                                                                                                                                                                                                                                              • Instruction ID: fb37c1422d7cf13ec6f620df8e343633e64686fff47687c6dc7199b9b21801b7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0ff14fe768b2d0b6b3d5b5dc6cb94d4e68036e1285c1c8010bbe9652abc35ea
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D591AEB3F1163547F3504968CC98392B6839BD5321F2F82798E5CAB7C9D97E9C0952C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: a2aec9a609eb560dcbcb0e9c565218b5ae1e1b50a55bb1fed3005bcc29af6ec5
                                                                                                                                                                                                                                                                              • Instruction ID: a9b0364af2a33f731d0c727e799104eaad016820013e0a407ef494fd16f8f2de
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2aec9a609eb560dcbcb0e9c565218b5ae1e1b50a55bb1fed3005bcc29af6ec5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C916CB3F512254BF3940874DD983A26582E795310F2F82788F5CABBC5E8BE5D0A53C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0d139594887e7b59f8bc5c2d433101846229ae8d20725a067192ec25141e3890
                                                                                                                                                                                                                                                                              • Instruction ID: 464f9d4ef7f4d25f1af454300508db1d426512b992f908395b82de7f297dd14f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d139594887e7b59f8bc5c2d433101846229ae8d20725a067192ec25141e3890
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A591ACB3F106248BF3584D28DCA83A27683DB95311F2F817D8E59AB7C5D97E9C0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 7b1e0e0fde0ffeb9fc138211588259167bb7cd2c2b67c0c16b6499230e79f066
                                                                                                                                                                                                                                                                              • Instruction ID: e8e413cfc92c63f03fc73cb15eab9e9919a3621412dc480a6b54862a0a04d7a4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b1e0e0fde0ffeb9fc138211588259167bb7cd2c2b67c0c16b6499230e79f066
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26917CB3F116264BF3504969CC883A27693ABE5320F3F42788E9C6B7C1D97E5D1A5780
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 45ad2d5e47d65471bdbd63519a55e6b94b7613bc5b19b401d0da5ce5d5378c26
                                                                                                                                                                                                                                                                              • Instruction ID: 0d2aa738da698768dcfab2f96f1a28db9825e377bf73d70554c823d30653f9e4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45ad2d5e47d65471bdbd63519a55e6b94b7613bc5b19b401d0da5ce5d5378c26
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B79169B3F106214BF3544879DD593626683DBD4324F2F82798E5DAB7C9D8BE9C0A4288
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 75a9775ca3b6485ec879fa2228b3a2e677d2107ee3df20f6328caa3d2f33d93e
                                                                                                                                                                                                                                                                              • Instruction ID: 1364b4663d0b03a0e0b07379e4b673650eae9abba600e3da7a5ec266ecb3e509
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75a9775ca3b6485ec879fa2228b3a2e677d2107ee3df20f6328caa3d2f33d93e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E991ABB3F116254BF3544D79CD983627693ABE5320F2F82788E986B7C5D9BE5C0A4380
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f5e815decde71ea8ae5f671a9383db1de9afbc8aa6a6a78abe3283a58a0f1e79
                                                                                                                                                                                                                                                                              • Instruction ID: 550dfffcf3210748fcfacb25ce870038206c8b3c8eb8cba5ea9a9446621af0f3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5e815decde71ea8ae5f671a9383db1de9afbc8aa6a6a78abe3283a58a0f1e79
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7891AAB3F1022547F3644D29CC58362B683DBD5311F2F82798F59ABBC9E93E6D095284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: a08c0166ac22f7ba7bcdb89481c6346db41124d6481ce5a749cacb77c00aa0ef
                                                                                                                                                                                                                                                                              • Instruction ID: fe13dc8417f51a5d588d8ffc8ea66c5b105b8e3a2921b3778c8bc58fd52321a3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a08c0166ac22f7ba7bcdb89481c6346db41124d6481ce5a749cacb77c00aa0ef
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF91BBB7E116254BF3A44D24CC98362B683EBA5320F2F82798E9D6B7C5D87F1D095384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 6cb79e8ecba6cb64dd43d2484b5ee4b081067fc9e47350fa3741395a4c6ea753
                                                                                                                                                                                                                                                                              • Instruction ID: 48fcf3945fe3adfd7f40024c22a34f670b9f77e8ed7dae332d079bb9693e0edf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cb79e8ecba6cb64dd43d2484b5ee4b081067fc9e47350fa3741395a4c6ea753
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB81AEB3F516258BF3544D68DC983A27243DB85320F2F82798E186BBC5D97F6D099384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 7e9a3d0beb92e2e9050d921d02ce0cdba80a6f46d7088d205b67851077f2fcac
                                                                                                                                                                                                                                                                              • Instruction ID: e8a837bccd28072c2eef075814fc4b234123b2bee04ec695e38ba23171513dae
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e9a3d0beb92e2e9050d921d02ce0cdba80a6f46d7088d205b67851077f2fcac
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47817DF3E106348BF3504938DD983627692DB95325F2F82788E5C6BBC9E93E6D0952C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4cfb6a432474d1a7cffad4e23c8b858cc5d5c8965ed29484807eeb30afb18ce2
                                                                                                                                                                                                                                                                              • Instruction ID: 0f3eb3a5cb6fdceec218b5131134dd6f3d87e86fc07547659d485e4f10c94761
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cfb6a432474d1a7cffad4e23c8b858cc5d5c8965ed29484807eeb30afb18ce2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA81CEB3F115248BF3544E68CC48362B293EB95320F2F81798E58AB7C5E93E9D0597C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4b4f9e2082a86098034d082e9f3b9077183d154c6a53f33c75c4c7aaa3d92d5d
                                                                                                                                                                                                                                                                              • Instruction ID: 87b7cacd3c229d5d48060ae26519dd85b1410eae14fd35b57b16139083f6ce55
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b4f9e2082a86098034d082e9f3b9077183d154c6a53f33c75c4c7aaa3d92d5d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC819DB3F6162147F3944839DC983A26183DBD5325F2F82798E5CAB7C5EC7E5C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
• Associated: 00000000.00000002.2175861442.0000000000050000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175877043.0000000000093000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175925900.00000000000A2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.000000000030A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000330000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000338000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2175942192.0000000000346000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176199995.0000000000347000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2176315617.00000000004E0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e906bc4369571772f89b542ab6c6967c9c801bcee82ccb90df88faeaad309ec0
                                                                                                                                                                                                                                                                              • Instruction ID: 5f403558bae7e9091b957e1b4829e5a00f945baf005510bda49d80a7438807b7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e906bc4369571772f89b542ab6c6967c9c801bcee82ccb90df88faeaad309ec0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58819DB3F102254BF3584939CD583A27683D7D5320F2F827D8E99AB7C5D87E9D095284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 027b5a22270818b52a080279d05530c240eecbe393ce13b0c3e9db2d33767b24
                                                                                                                                                                                                                                                                              • Instruction ID: 3795ab09130b61671ec289456a0a49b8cc972b61ac6012e7d9a241c12bfb30e3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 027b5a22270818b52a080279d05530c240eecbe393ce13b0c3e9db2d33767b24
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC81ABB3F106254BF3544968DC98362B6839BD5320F2F42788E5C6B7C1E97EAC0A9784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 3c65541880da5be24244e0f1c8c1d4a6b9416889fba0f4d192379e359ceb221f
                                                                                                                                                                                                                                                                              • Instruction ID: 36534cfd97490e08332769520969ae3284dcac6e82f8b10a251fdc79c26d3a2d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c65541880da5be24244e0f1c8c1d4a6b9416889fba0f4d192379e359ceb221f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC81AAB3F116254BF3504929CC5836272939BE5320F3F42798E9CABBC5E93E9C0A52C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 391207738f1cd2c31de827ca47f828d3dcf115b8a1557b19adb967437f2ee343
                                                                                                                                                                                                                                                                              • Instruction ID: cc5c86a35bbd8e3174cfe8cf9707552f54be7e5884fc0cf2ce85ef3f85753221
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 391207738f1cd2c31de827ca47f828d3dcf115b8a1557b19adb967437f2ee343
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 138179B3F115244BF3644939CC583A26693DBD5320F2F82788E5D6BBC9D87E6D0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: d436abc6142ba5453cd1f07f884cfb70eb5840c840f62d5552325ea8d4630b08
                                                                                                                                                                                                                                                                              • Instruction ID: d4f3c4dd0aa03bbfd48545abe5ccca04cf1a1931f94da174bf3f0685039ddd85
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d436abc6142ba5453cd1f07f884cfb70eb5840c840f62d5552325ea8d4630b08
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F8199B3F501254BF3584939CD683636683DBD5314F2F827D8E49ABBD8D87E9C0A5288
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b297a848155de9f80a913334eb9c4ac2ce845ee1d98bbda49994e9f5e0f64634
                                                                                                                                                                                                                                                                              • Instruction ID: 38c74cfc5d28a8e686d5c96fa64c8a8263c37f41c3d5d45c78d158a8f0b71540
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b297a848155de9f80a913334eb9c4ac2ce845ee1d98bbda49994e9f5e0f64634
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F819DB3F012258BF3904D39DD883A26693DBD5310F2B82788E586BBC9D97E5D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0f9074f7c396bbd7d16c475bcdf420089759d3d8b91724d1f2bf08e4309dcbdb
                                                                                                                                                                                                                                                                              • Instruction ID: f80565521748e5ffc2adfaa6d4d114934f14dc4fd2003cd9f4b2ff2a3e674b88
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f9074f7c396bbd7d16c475bcdf420089759d3d8b91724d1f2bf08e4309dcbdb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD81AAB7E4062547F3544D78CC983A266939B95325F2F8278CE6CAB7C5E87E6C0A53C0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 58c11eea446dfed456928c19a1b06b6cf4efb2441ccafc56a9d0a6a9f2f5b4d7
                                                                                                                                                                                                                                                                              • Instruction ID: 5cf9d2000a70bc30f479769d2c1678ff83aa3c878ee8accf0dc344ff970cbcac
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58c11eea446dfed456928c19a1b06b6cf4efb2441ccafc56a9d0a6a9f2f5b4d7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34819AB3F116258BF3544929DC983A23683DB99314F2F41798E499B3C1D97FAC4A9384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: d6e935a24f0a307c94b1b3c6216e52b43c6998beccc19540ae9bdb236837d9ff
                                                                                                                                                                                                                                                                              • Instruction ID: 8015c78f338bb10ea07421d18d681d8fbfb58a53f9ff23d4dd48832ea272caa8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6e935a24f0a307c94b1b3c6216e52b43c6998beccc19540ae9bdb236837d9ff
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B181D0B3F216258BF3404D38CC983A27693DBD5321F2F42798A589B7C5D97EAD0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 1632da5ce2fbd16744dd43aa3d931a52e990d6ceac030d677427cb17e16b2fbd
                                                                                                                                                                                                                                                                              • Instruction ID: 24534883a5f9f45b6810630c57f8e4c95ffc87306cf5b83c8531f89854a0889f
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1632da5ce2fbd16744dd43aa3d931a52e990d6ceac030d677427cb17e16b2fbd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8071CCB3F111254BF3544938CC683A2B6839B99320F2F827D8E5DAB7C5E97E5D094384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 399e9eca7613392452cbe1346d2b540284c93f946cddebb0bdfb95045ec47dcc
                                                                                                                                                                                                                                                                              • Instruction ID: 4d6371cb3453113289cf8d805c46f214ea8b4fe1b83d9864ee1713e045e067c9
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 399e9eca7613392452cbe1346d2b540284c93f946cddebb0bdfb95045ec47dcc
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D71A0B3F116254BF3504E28CC983A27693DBD5311F2F82B88E586B7C9D87E6D4A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: dd2b5aa5d35a7920ad009fff9a17874bedb0e533fef4efc043aeba1a4db2a630
                                                                                                                                                                                                                                                                              • Instruction ID: 34a9b1d2ac0e0d80be7accd9c611df9e111f223b500dd2aa6ef9b9dbe6094508
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd2b5aa5d35a7920ad009fff9a17874bedb0e533fef4efc043aeba1a4db2a630
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D71BAB3F0023447F35449B8DD88352B692AB95321F2F82798E5C6BBC5D97E9C0A43C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: ef7c7f2ec4f1e866769e8f27f4ec7bd45f83b92811d4669a18dcaeab8405ab52
                                                                                                                                                                                                                                                                              • Instruction ID: c0ac5055eb99503e80ea9b877747d2ddf583093452e0251c52e4abff90d3542a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef7c7f2ec4f1e866769e8f27f4ec7bd45f83b92811d4669a18dcaeab8405ab52
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F5717CB3F112258BF3544D29CC583A2B293DBD5310F2F81798E0C6BBC5D97EAD0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: eb314623cbcab94e93888f5fd74202211fe5c35835391e949bde06a75a2e01b5
                                                                                                                                                                                                                                                                              • Instruction ID: 52eab814ea0c9898bbabea42bfd517114dc9c4e4a0fd1593a3d7c353db4d8396
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb314623cbcab94e93888f5fd74202211fe5c35835391e949bde06a75a2e01b5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8171BCB7F1162087F3904929DC88392B283D7D5325F2F81398E5CAB7C5D97EAC0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f8b73244254f9f11ef3c49c1cf44cc972ced8e9a232ffed9d343810599ba6cfb
                                                                                                                                                                                                                                                                              • Instruction ID: 03b3a555728061d227f54f2df91cd172227e2b56f49b3265c39a62a95cec7e53
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8b73244254f9f11ef3c49c1cf44cc972ced8e9a232ffed9d343810599ba6cfb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50718EB7F215258BF3584E28CC983B27293DB85315F2F417D8A19AB3C0D97EAC199784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 5b3311a29e9a5c3db3ef354fe4a081cb4ef77461f1d7df3c0c654832b85e7de6
                                                                                                                                                                                                                                                                              • Instruction ID: 92533761ec68b1d3aae0fa4b77562e4bf091feeac55dff8e6fa46833d20ea5e8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b3311a29e9a5c3db3ef354fe4a081cb4ef77461f1d7df3c0c654832b85e7de6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 087188B3F1012587F3544A29CCA83627293AB95314F2F417E8E8D6B7C1E97F6C1A56C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: ad9fa2bc3f2c98289105cd605ce9d54cee29fd795bcdd5a7564559cfca062dec
                                                                                                                                                                                                                                                                              • Instruction ID: 57a4d43060dcc8f8ff6d7f82319d2229e7f5dd96dac5bea80d203b9b4c1021cd
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad9fa2bc3f2c98289105cd605ce9d54cee29fd795bcdd5a7564559cfca062dec
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6071A0F3F5062447F7580D74DCA83A62682D7A0324F2F42398F5AAB7C6D87E5D095384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: ec5da2a14548707f3b6d856c781556c04f4570ebe57e93d32365c3796c0b15f5
                                                                                                                                                                                                                                                                              • Instruction ID: 91212fae5b8754d86b728f1b37a9aedf79bbe447754f1cfff3e8569b99ad734b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec5da2a14548707f3b6d856c781556c04f4570ebe57e93d32365c3796c0b15f5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A71BDB3E0123587F3244E29CC58362B3939B95321F2F82B98E5C6BBC5D93E6D1656C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • Opcode ID: 80a6ca17bdac789dea5b3d0c1fd73ffa80b2c2647193f76469685006acaf21d0
                                                                                                                                                                                                                                                                              • Instruction ID: 66f29246a48c6c510147d42d407b77811e294bc5c6ccddfac2f09a02e239a024
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80a6ca17bdac789dea5b3d0c1fd73ffa80b2c2647193f76469685006acaf21d0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D271BFF3F1221547F3544939CC583A26683EBD5325F2F82388B586BBC9E97E6D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 462355681f6b0afacd45d70f8583199e1975a8c825901b26888f17288b97ebac
                                                                                                                                                                                                                                                                              • Instruction ID: 61d85e5044ceb2376428eba68d8a485e24aa5927170384cbd6d97ac34c82b059
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 462355681f6b0afacd45d70f8583199e1975a8c825901b26888f17288b97ebac
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F37169B3F111258BF3640928CC583A27693DB91320F2F42798E9D6B7C5D97E6D0A6784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: d9744ab2aef9477eb4b6bf8b8e515ddba2e9b4564c5b6ec2e5a82305247d33e1
                                                                                                                                                                                                                                                                              • Instruction ID: ca94f8fd9e30a0de5ac76a05892707de990fc6c4bddc85174c903591ee03fb6b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9744ab2aef9477eb4b6bf8b8e515ddba2e9b4564c5b6ec2e5a82305247d33e1
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E717AB3F106248BF3544E68CC983627293EB99311F2F817D8F896B3C4D97E6D199684
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: dd82c8efb402a2436528aabad7b19eb44205c68fdcd5a6d996d6fa2f6bd7c140
                                                                                                                                                                                                                                                                              • Instruction ID: 7b3ed4405adfc44677940b09b8a30694f16d5e26961e8d1edb74cd5d19caa6af
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd82c8efb402a2436528aabad7b19eb44205c68fdcd5a6d996d6fa2f6bd7c140
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5761393A74DBD147E328893C8C652AABA934FD6330F2CC76DE5F6873E1D56988058351
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b5d0eafbf0b652b36a67661d73f05aa65f8837739e9fe07bb933b6103b68fbad
                                                                                                                                                                                                                                                                              • Instruction ID: c885445f3fdcafa6135803e21d879b23aad0afdffdfd5279a97265583063c9ec
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5d0eafbf0b652b36a67661d73f05aa65f8837739e9fe07bb933b6103b68fbad
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D71B1B7F2162547F3400968DC983A26683DBD5320F3F82788E6CAB7D5D97E9D095384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 42034decb1b96fb27752b3c01b93432d2b52689f184a74209eaa07881b3d29e7
                                                                                                                                                                                                                                                                              • Instruction ID: a5eeda03db41e7fb948463888a57e4fff26f6a42525e7b3fa18e3df231e5b4fb
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42034decb1b96fb27752b3c01b93432d2b52689f184a74209eaa07881b3d29e7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2671BDB3F502288BF7444A28DCA83623292DB96314F2F41BCCF196B7D5D97E6D095784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 3ce2acecc7c9dc19a2c29b35cd6333265f12da5415be36832bddc768dcd0fbc5
                                                                                                                                                                                                                                                                              • Instruction ID: 83e6687aaf285c0883507e046d21fc2cd67519088f75c9e8b70c089f352194bf
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ce2acecc7c9dc19a2c29b35cd6333265f12da5415be36832bddc768dcd0fbc5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6971B1B3F1122547F3500E28CC583A27293DBD5715F2F81798E885BBC9E97EAC095784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: ed14a51ee03760e572f6109f138e356b4660aafa8f5cb7a9ce455a8f78245f51
                                                                                                                                                                                                                                                                              • Instruction ID: 8794d0279f442f9eb7a6043ac784203d66e15474893b6c3c218309cb390fd3da
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed14a51ee03760e572f6109f138e356b4660aafa8f5cb7a9ce455a8f78245f51
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC71A8F3F1052047F3984938CDA93A26682EB95320F2F827D8F5E6B7C5E97E5D095284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b71abe3979a2c94b6437c7ade18531242c7c0a2a20a8bfa4124c6a08186fc0c5
                                                                                                                                                                                                                                                                              • Instruction ID: 90576fa051fbc2881aa077b188f24af405d64572019716cbfc9c70a001117ba4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b71abe3979a2c94b6437c7ade18531242c7c0a2a20a8bfa4124c6a08186fc0c5
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD7148B251C304AFE315AF19D881B7AFBE4EF58710F16492DEAC483250E6359890CB97
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f7131c4e00c9dea7334b4f46515213b6cacd1a33aa807e46f9e7f97516e8fdd6
                                                                                                                                                                                                                                                                              • Instruction ID: 5cbdd8d4b4b2f1d8ca6e63415ccd7bfbc5692b3210162d92a5daf57c5ee285aa
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7131c4e00c9dea7334b4f46515213b6cacd1a33aa807e46f9e7f97516e8fdd6
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A76178B3F102254BF3644D39CC583627693AB95320F2F82798D98AB7C5D97FAD0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0114c192d69a308fc0867fb95eea48377250c8443d6ff28055d298f878a9925f
                                                                                                                                                                                                                                                                              • Instruction ID: ec2de9b864ce715d4291b8f1d3574dbf9a831c9a08711f6a3a6ae70bad1ff72e
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0114c192d69a308fc0867fb95eea48377250c8443d6ff28055d298f878a9925f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 915128F3E1C6109FE3086A29DC0576BBBE6DBD4330F2B893DE5C893780E97558418686
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 1b15007a678fc3d218161fd7f226c201610e3fc6055c3b89eea17f95d06145ec
                                                                                                                                                                                                                                                                              • Instruction ID: 7ccd64f7d889fd61d379eea24cfad0b283009cf6698c860e4f0914ad41169683
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b15007a678fc3d218161fd7f226c201610e3fc6055c3b89eea17f95d06145ec
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C61C2B3F106254BF3544D2DCC883A27693DBD5301F2F81798E589B7CAD97EAC09A284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 234e737b779ef5af676be231a0709e862d439907c11bfb748dcab54939b8c94d
                                                                                                                                                                                                                                                                              • Instruction ID: 56f82d72ff8868d20524be9dad16a7ec2be86777ac8fa93f584a4c11e7c2617a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 234e737b779ef5af676be231a0709e862d439907c11bfb748dcab54939b8c94d
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D161BEB3F506258BF3544E29CC983627293DB95311F2F81788E5C6B7C5E97F6C19A280
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 87eba94521888f1c00cb4a182437abb494c1c67e3a0822d2b185853c5e0b6bbd
                                                                                                                                                                                                                                                                              • Instruction ID: a3d81d5196c507bd1c80a1cf422c722824916992ea517f0a4ea6e6c1d9cb00e0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87eba94521888f1c00cb4a182437abb494c1c67e3a0822d2b185853c5e0b6bbd
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71618BB3F506244BF3544928CC983A27692AB95320F2F42788E5DAB7C6E97E5D0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 29e18d1080d26f6e8fdd666082c97049ddcd36aba2f503fafee53496cce9808b
                                                                                                                                                                                                                                                                              • Instruction ID: dba11323801e34606b4f8910fb2a35f7bccfdb5b891da6df68986787ce356c11
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29e18d1080d26f6e8fdd666082c97049ddcd36aba2f503fafee53496cce9808b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF512170608200EBE710AF28D885B6FB7E6FB85700F50882DE5C997292DB35D805C7A2
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                              • Instruction ID: 65b979b5428f1acb6dff0e9877ce7d37fccfb3eda3e0817a25487b80a610f2b1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0288cd3b192f347070e81ea7353e08bb5565fcf5553c08da131d7bc18d8c1a13
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97516CB15087548FE314EF29D49435BBBE1BBC4318F144E2DE4E987351E379DA088B92
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: b75d0b520b42fe98542245eae240ba62dd85ec06f3cf7ddc4ff1cfaf4b8e6940
                                                                                                                                                                                                                                                                              • Instruction ID: 1d89748d301923b8b574ccc3334d45fb0b23cb3444d51912a4de3c3bc2167ab8
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b75d0b520b42fe98542245eae240ba62dd85ec06f3cf7ddc4ff1cfaf4b8e6940
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 445102F3F1162587F3500968CC593A27683DB95314F2F42798F686BBC5D97E9C0A5388
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 46d750cbfe0f40c1a7fd76a7db877f0054327b0b96cf7f763f3d41eaa5b583c3
                                                                                                                                                                                                                                                                              • Instruction ID: 31692babaf0220d242490e6270ee29428ae1c5d1a7667575bb63d0389cadb038
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46d750cbfe0f40c1a7fd76a7db877f0054327b0b96cf7f763f3d41eaa5b583c3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA51D0B7F106254BF3544E28CC943B27293DBA9311F2F81788E099B7D4D97E6D19A384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              • Opcode ID: 33c78ba952f2b60532dccf9090b1ea6ef10faccee1cce9ead0f506d78c9413ab
                                                                                                                                                                                                                                                                              • Instruction ID: 0bd8195df8c6d203fcba2639efbaadb226a21e6ff217c95549fb46f0f1f671c7
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33c78ba952f2b60532dccf9090b1ea6ef10faccee1cce9ead0f506d78c9413ab
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A51BBB3F111350BF7484838CC683A262839B95320F2F42798E4DAB7C5E97E9D0A43C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 1279d055e779324eb8319bb9b0086c55edcea3ea8307d360947cb2f08657e90c
                                                                                                                                                                                                                                                                              • Instruction ID: 33098376a575d7aea7c6f3fde56c3419d2d123cbb6fe6a1dce9eb29e31f6c5bc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1279d055e779324eb8319bb9b0086c55edcea3ea8307d360947cb2f08657e90c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8518AB7F006254BF3584D29CCA53A27283DB95310F2F427D8A4A9B7C4ED7E5C0A9284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 6888a56dbf50083a84c249c8147c1195b0717abb6db595b0b94e532f8b3ae024
                                                                                                                                                                                                                                                                              • Instruction ID: 6d5ac59e8beab36e3bfeb890f80839aa82b5175fddd15058039280d5d9463acc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6888a56dbf50083a84c249c8147c1195b0717abb6db595b0b94e532f8b3ae024
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC519DF3F101214BF3584929CC583A27683ABD1311F2F82798B4D6B7C8ED7E5D0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 72f3cfd5fe7e15d7eae9d5110c59a89d76039154c7179435863588cc64c6c12e
                                                                                                                                                                                                                                                                              • Instruction ID: 16940cefcffa00f606787bbb37e3ba8d2bc8c28ba20e39570f83d53b13da3c95
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72f3cfd5fe7e15d7eae9d5110c59a89d76039154c7179435863588cc64c6c12e
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4051C1B3F616254BF3544878CC983A26583DBD9310F2F82788E9C6B7C5E87E5D0A5384
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e19f1bb3d3bfda667c6e2ce79af3a006d81df78c4e46e0f378f6791986d9718f
                                                                                                                                                                                                                                                                              • Instruction ID: f50e05588bb37ea3b046315a7baa68f824efcfa2a63ec9fc2d437567edc91472
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e19f1bb3d3bfda667c6e2ce79af3a006d81df78c4e46e0f378f6791986d9718f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3541BDB3F114254BF3544A28CC583627683DBD6315F2F8279CA4C6B7C4E93E6C099784
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 77505ed6712e4144636050d9d086ff0481afb4d796106fe0a2c9ad3efb2b5dd2
                                                                                                                                                                                                                                                                              • Instruction ID: 06b03f29af5bd177f57b430c5d70884a0d40dd17f80463a78adf5bd4ca83a21c
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 77505ed6712e4144636050d9d086ff0481afb4d796106fe0a2c9ad3efb2b5dd2
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2841E3B1E102285FDB24CF788C5279EBBB6EB95300F1181ADD859FB285E7340D468F92
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 5bfff136d710c907481b96ac2ddf43ef08c71e3bf1f7e243dbc17fa94f07805f
                                                                                                                                                                                                                                                                              • Instruction ID: a85d6152ce2b94681f0e03e3e6910da44c6f74097508f554e038a89f6c7e2a04
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bfff136d710c907481b96ac2ddf43ef08c71e3bf1f7e243dbc17fa94f07805f
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB41EAB250820EDFD721CF54C8445EF3FA9FB57360F708526D841C7A42E6724D159B69
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 4f1f4800b05079db0eaebfc5b8d73e556cc5b2d6b45d6cfc733e3d15061ab5c3
                                                                                                                                                                                                                                                                              • Instruction ID: dbfea97b95d06ed9c8f39e7689d84ae64817f1ccf4b56e57d6c07481511e30c9
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f1f4800b05079db0eaebfc5b8d73e556cc5b2d6b45d6cfc733e3d15061ab5c3
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D33149F7F2162147F3580839DD5836266839BE5315F2F82798F0CAB7C5E87E980A5288
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 59dbc9697c88b8854e091106e966ccd2b9386f3745ab1633d06b0ec36df16391
                                                                                                                                                                                                                                                                              • Instruction ID: 014962878ac9e5bb1884f057862f87300de6c63b78abb1c7e91ba1a3c29de3fc
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59dbc9697c88b8854e091106e966ccd2b9386f3745ab1633d06b0ec36df16391
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E3138B3E152185BE3505D39CD48367B7CBE7C4320F2B82389A54CB784ED7AA94A4289
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 803370d7020f49dc29a152cf8e86c1425430a4534326cc0428369ea38b29cedb
                                                                                                                                                                                                                                                                              • Instruction ID: 35e1a21456f3ec7c0047935454cfd0c473c38898e9aebe9a3907231033007481
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 803370d7020f49dc29a152cf8e86c1425430a4534326cc0428369ea38b29cedb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E94102B291C300AFD746AF28D885A6EFBE4FF58310F564C2DE6C482614E6359990CB4B
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 55e4611b324a0d5641929a921ec4cb53f784171ad91d07d987aa832cc0db8c8b
                                                                                                                                                                                                                                                                              • Instruction ID: 1baa9cabeb61ae0c10b135b23430ff4253771c8ed87b0de4658e28fd7e5e8be1
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 55e4611b324a0d5641929a921ec4cb53f784171ad91d07d987aa832cc0db8c8b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC318DF3F1162547F3544D38CD983632642E791315F2B82798F08ABBC9D8BE5D065390
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f2e2ea6fb1669827dbed99d1bfdeafb12ed3abc2be48cb1257d25d2cdb7456c8
                                                                                                                                                                                                                                                                              • Instruction ID: 93bf6ac8af3382b61cd52b0639a9c08194b2c5690bb520f90a35c671557bc42d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2e2ea6fb1669827dbed99d1bfdeafb12ed3abc2be48cb1257d25d2cdb7456c8
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6315AB3F5263547F35049A8DC44392A24397A9311F2F82788E5C7B7C1D97E5C0957C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 0202db40c24d63fd94bb460b6531128b4b91899ced54af68386e26bf32cec367
                                                                                                                                                                                                                                                                              • Instruction ID: c50f81bad16d4dd50684f1bf163f93e92dff57f1ddf8c6e7abe13ded26e32ae3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0202db40c24d63fd94bb460b6531128b4b91899ced54af68386e26bf32cec367
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE312CF7F1162247F3904869DD493926183DBD5329F3F82348E58A7BC6E87E9C4A12C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: cce8a22a72d3ff567684bee1d1825d5899087a7e307ae946e95cf716663f5004
                                                                                                                                                                                                                                                                              • Instruction ID: d3ee5e2be3e503c37561f0ee52913d02517d2abc86a99a39d82b82bf9bfba8fd
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cce8a22a72d3ff567684bee1d1825d5899087a7e307ae946e95cf716663f5004
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E210A31A483500BD758CF38889153BFBD2ABDA224F1CD63ED4E6972D5CA34ED068B45
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f14d50f2b91518e0e488d3d7358c65ff1814ad9b011b59c64ca59cab017f3e98
                                                                                                                                                                                                                                                                              • Instruction ID: c37c34f10eb748b95969153b479fb4f68f26eacc14391a39caeb95c5eebc05d6
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f14d50f2b91518e0e488d3d7358c65ff1814ad9b011b59c64ca59cab017f3e98
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4631F6E3F516250BF3940878DDA83A2158397A5728F2F82798F6C6B7C6DCBE59091284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: d4db02df4e9bf5893a81ec88d7a13256f0f64968debfa82385c3ca7398fef114
                                                                                                                                                                                                                                                                              • Instruction ID: 7d73491837ee6eba3e3fadab6219c62adf51582e87438fe059dd70aa35090b27
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4db02df4e9bf5893a81ec88d7a13256f0f64968debfa82385c3ca7398fef114
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A217CB7F106214BF7584C79CD9836265839BD4320F2F83398E696B3C5DCBD1C0A0280
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 463914779a7486a4371bf3e301bb1b8b9a35a9ed860d8f77487fb6b84479a440
                                                                                                                                                                                                                                                                              • Instruction ID: 75bb2175b4c697922bb45b391995f4470d2c8c9086d05778823d3f415ec2d49d
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 463914779a7486a4371bf3e301bb1b8b9a35a9ed860d8f77487fb6b84479a440
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 602129B3F115244BF3648839CD48356658397D5321F2FC3798E5CA7BC9D87D5D0A1284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 888081097b873d54ec938313b9f6fab707d760692d1159d0c186718fdaf0321b
                                                                                                                                                                                                                                                                              • Instruction ID: a9ee01bcc4b22c7d36d793f26512bd86fc0ef565363002a3f501009efdee0c5a
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 888081097b873d54ec938313b9f6fab707d760692d1159d0c186718fdaf0321b
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E216DB3F002244BF3544D69CD94392B653EBD5310F1F82798E4CABBD4D9BE9D0A5288
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: c83647c3c3d83a331d0279d4f8b8fb92001b891c00116a383de34d5f764526de
                                                                                                                                                                                                                                                                              • Instruction ID: f29775ec607c4df93b440e73755c0b4445e7b6852127ce3dfd75574ae9f81975
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c83647c3c3d83a331d0279d4f8b8fb92001b891c00116a383de34d5f764526de
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D214CF3F5122547F3504869DCA83935183D7A5325F2F82399E68ABBC5E87E9C0A13C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 595a83796d59ca72380345ecdf9abd6d432ddcae728143d1232f14f16efeaeed
                                                                                                                                                                                                                                                                              • Instruction ID: 7299649137a957be6027f53d9bba7223db40bfa1fd059c673096aefc9189f120
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 595a83796d59ca72380345ecdf9abd6d432ddcae728143d1232f14f16efeaeed
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE2156E3F4062607F3500875DC583A362838BE5725F2F81358F88ABBC9E87E9C0A12C4
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 421a7b1c19d4118e56960a0e573471f2cbc871d363ad4d71691f406ed2c04fe7
                                                                                                                                                                                                                                                                              • Instruction ID: c20edbfd05b3a6a3d45b2405cbdaf563f076bc9ae48dabe74af01a39917ccde0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 421a7b1c19d4118e56960a0e573471f2cbc871d363ad4d71691f406ed2c04fe7
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F2179B3F1162547F3844839CD583A2668397E0324F2F82788F5C6BBCADD7E4C0A5284
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: a7578bb70ba52a21bf9ea4a170e465b286ba96bc8269e23168ae9601b3cda28c
                                                                                                                                                                                                                                                                              • Instruction ID: 19a3ec877d6e0376716dd9f3eb34df2caf4732dcfc0bfe5330b345a90af0f241
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7578bb70ba52a21bf9ea4a170e465b286ba96bc8269e23168ae9601b3cda28c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D12190B7F516244BF3984824DDA93376582DBA6311F2F827D8B1A6B7C5DC7D5C0A4280
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                              • Instruction ID: a115d5e08dd4a3ba0145315f617a7ce4b23de0e3a1ee15eab33046914f054998
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5911CA336055D40EC3169D3C88005657FE32BA323BBA95399F4F89B1D3D6228DCA8354
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: e4a6bce38bb77cb855b0c1b2651f63ca23977da10de64c19d828eeec774b109c
                                                                                                                                                                                                                                                                              • Instruction ID: 6402c2b8f5f0e932f2ee588ba2923e209dabe421242a046aa63520c1e32538d0
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4a6bce38bb77cb855b0c1b2651f63ca23977da10de64c19d828eeec774b109c
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F019EB5B0530147DA649E1098C1B2BA2F86BC2745F18C42CE80857242DF69EC09C79A
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175942192.00000000000A4000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_50000_xxLuwS60RS.jbxd
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 8c23353f540a47e83fa0e23e81e7c6ef5d43c00b3124df5d8f61d5716d71f5ff
                                                                                                                                                                                                                                                                              • Instruction ID: 51abf5f63ef02f40f4a3dcdd7d37d043069ba9fe3376c342c0540c54f4a8b4d4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c23353f540a47e83fa0e23e81e7c6ef5d43c00b3124df5d8f61d5716d71f5ff
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 291139B3F6162147F390882ACD993A36183E7D4325F2BC1798A885BBCDDC7E584B5684
                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2175877043.0000000000051000.00000040.00000001.01000000.00000003.sdmp, Offset: 00050000, based on PE: true
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 849fec1ffad71f4c62db84b7685168d6c7e1bee86fa417ef55eff3eef8c481cb
                                                                                                                                                                                                                                                                              • Instruction ID: 4095ccae0e9697adb59b02a0fe56693d70efff3a6511b5a403021c7abe10e1a3
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 849fec1ffad71f4c62db84b7685168d6c7e1bee86fa417ef55eff3eef8c481cb
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0AE0ED75C12100EFEE047B10FC01A587B62B762307B865123E44863273EF3554269755
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: f9a861e54ac44f359265adaec1cba52691b9776e18e63c92cbc7553a0cd98459
                                                                                                                                                                                                                                                                              • Instruction ID: ed0f0d53a7d597f8cdca90c7e993658abe8046db001d3db6f63c172d340e33d4
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9a861e54ac44f359265adaec1cba52691b9776e18e63c92cbc7553a0cd98459
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07D01277F9610047AA099E50ED43A76A663A3C760570CE1258C05E3359DE3CD40E950A
                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                              • Opcode ID: 23a485155c5a9fa45aa6494d632bc6525f70e36669bcf1a6c8e7c6fbb56a6e4a
                                                                                                                                                                                                                                                                              • Instruction ID: 171a5b30a2c6e942b41f7a3a2ecb8a7a5b52d890d293b787c8cba20cd98da81b
                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23a485155c5a9fa45aa6494d632bc6525f70e36669bcf1a6c8e7c6fbb56a6e4a
                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7A011A0C2A00082B8008E20AC020B2A238A30B2A2F003822E808B3203EA00E0088B0A